1. Introduction
The Trefford Lemon Group (hereinafter: Data Controller, Service Provider) commits to ensuring that the processing of data related to its Service complies with the conditions specified in this policy and relevant legislation.
This policy is available on all pages operated by the company. The Data Controller reserves the right to change this policy as necessary. It will inform its clients and partners of any changes in a timely manner.
The Data Controller is committed to protecting the personal data of its partners and users and considers it paramount to respect the informational self-determination rights of its clients. Personal data is handled confidentially, and all necessary security, technical, and organizational measures are taken to guarantee the security of the data.
The Data Controller’s data processing principles are in accordance with applicable data protection laws, particularly the following:
- Act LXIII of 1992 – (https://mkogy.jogtar.hu/?page=show&docid=99200063.TV) on the protection of personal data and the public accessibility of data of public interest
- Act CVIII of 2001 – (https://net.jogtar.hu/jr/gen/hjegy_doc.cgi?docid=a0100108.tv) on certain issues of electronic commerce services and services related to the information society
In establishing data protection and data processing provisions, the Data Controller has paid special attention to the provisions of the European Parliament and Council Regulation 2016/679 ("General Data Protection Regulation" or "GDPR") (https://eur-lex.europa.eu/legal-content/HU/TXT/HTML/?uri=CELEX:32016R0679&from=HU).
The text of the European General Data Protection Regulation can be viewed in the following formats:
- PDF (https://www.adatvedelmirendelet.hu/wp-content/uploads/2016/07/CELEX3A32016R06793AHU3ATXT.pdf)
- HTML (https://eur-lex.europa.eu/legal-content/HU/TXT/HTML/?uri=CELEX:32016R0679&from=HU)
2. Definitions – According to Act LXIII of 1992
2.1. Personal Data: Any data that can be related to a specific (identified or identifiable) natural person (data subject), and any conclusion about the data subject that can be inferred from the data. Personal data retains this quality during data processing as long as its connection to the data subject can be restored. A person is particularly considered identifiable if they can be identified – directly or indirectly – by a name, identifier, or one or more factors characteristic of their physical, physiological, mental, economic, cultural, or social identity. For data processing purposes, corporate user data is treated in the same manner as personal data.
2.2. Consent: A voluntary and explicit statement of the data subject’s wishes, based on adequate information, through which they provide unambiguous consent to the processing of their personal data, whether in full or for specific operations.
2.3. Objection: A statement from the data subject expressing opposition to the processing of their personal data and requesting the termination of the data processing and the deletion of the processed data.
2.4. Data Controller: A natural or legal person, or an organization without legal personality, who determines the purpose of data processing, makes decisions regarding the data processing (including the tools used), and carries it out or has it carried out by a data processor they appoint.
2.5. Data Processing: Any operation or set of operations performed on data, irrespective of the applied procedure, such as collection, recording, storage, alteration, utilization, transmission, disclosure, coordination or combination, restriction, deletion, and destruction of data, as well as preventing further use of the data. Data processing also includes taking photographs, sound recordings, or video recordings, as well as recording physical characteristics suitable for identifying a person (e.g., fingerprints, palm prints, DNA samples, iris images).
2.6. Data Transfer: Making the data accessible to a specific third party.
2.7. Disclosure: Making the data accessible to anyone.
2.8. Data Deletion: Rendering the data unrecognizable in such a way that its restoration is no longer possible.
2.9. Data Storage: Making the transmission, knowledge, disclosure, transformation, alteration, destruction, deletion, combination, or coordination and use of the data permanently or for a defined period impossible.
2.10. Data Destruction: The complete physical destruction of data or the data carrier containing the data.
2.11. Data Processing: Performing technical tasks related to data processing operations, regardless of the methods and tools used for executing the operations, as well as the location of the application.
2.12. Data Processor: A natural or legal person, or an organization without legal personality, who processes personal data on behalf of the data controller.
2.13. Third Party: A natural or legal person, or an organization without legal personality, who is not the data subject, the data controller, or the data processor.
2.14. Third Country: Any country that is not a member of the European Economic Area.
3. Principles of Data Processing
Personal data may be processed if:
- the data subject consents, or
- it is ordered by law or by a local government decree issued under the authority of law and within the scope defined therein.
Special categories of data may not be processed.
Personal data may only be processed for specific purposes, to exercise rights and fulfill obligations. Data processing must comply with this purpose at every stage.
Only personal data that is essential to achieve the purpose of data processing may be processed, and it must be limited to what is necessary for achieving that purpose, both in terms of extent and duration.
Personal data may only be processed based on informed consent.
The data subject must be informed—clearly, understandably, and in detail—about all facts related to the processing of their data, including, in particular, the purpose and legal basis of the data processing, the identity of the person authorized to process the data, the duration of data processing, and who may access the data. The information must also cover the rights of the data subject regarding data processing and their options for legal remedies.
The personal data processed must meet the following requirements:
- Their collection and processing must be fair and lawful;
- They must be accurate, complete, and, when necessary, timely;
- Their storage method must be suitable for identifying the data subject only for as long as is necessary for the purpose of storage.
The unrestricted use of a general and uniform identification number is prohibited.
Personal data may be transmitted and different data processing operations may be combined if the data subject has consented or if it is permitted by law, provided that the conditions for data processing are met for each individual item of personal data.
Personal data may be transferred from the country to a data controller or data processor located in a third country—regardless of the data carrier or the method of data transfer—only if the data subject has explicitly consented to it, or if it is permitted by law, and if adequate protection for personal data is ensured during the processing in the third country. Data transfers to member states of the European Economic Area will be treated as if the transfer were taking place within the territory of the Republic of Hungary.
4. The Scope of Personal Data, Purpose of Data Processing, Legal Basis, and Duration
The processing of all data within the services is based on voluntary consent.
During visits to the websites, the Service Provider records and retains the users’ IP addresses, port numbers, the time of visits, and the URLs of the pages viewed for the purpose of creating statistics on user habits, in accordance with Section 159A of Act C of 2003 (https://net.jogtar.hu/jr/gen/hjegy_doc.cgi?docid=A0300100.TV). This information is kept for one year.
To provide personalized services, the Service Provider may place small data packets, known as cookies, on the user’s computer.
As a technical facilitator, the Service Provider can ensure that during visits to the website, third parties cooperating with the Service Provider, especially Google Inc., store cookies (https://support.google.com/chrome/answer/95647?co=GENIE.Platform=Desktop&hl=hu) so that if the user has previously visited the Service Provider’s website, advertisements can be displayed to the user based on that prior visit.
Users can delete cookies from their computers and configure their browsers to prevent the use of cookies. Furthermore, Google provides an option for users to disable cookies placed by Google on the page for turning off ads displayed by Google (https://support.google.com/accounts/answer/61416?hl=hu).
According to Section 30(a) of Act LXIII of 1992 on the protection of personal data and the publicity of data of public interest (https://mkogy.jogtar.hu/?page=show&docid=99200063.TV), the data processing carried out by the Service Provider does not need to be reported to the data protection registry since the Service Provider (Data Controller) processes data only of those individuals with whom it has a client relationship.
4.2. Data Collection by External Service Providers on the Website
The HTML code of the pages operated by the Service Provider may contain links to or from external servers independent of the Service Provider.
External service providers do not have access to personal data; the Service Provider only ensures the availability of aggregated data.
4.3. Registration Database
As of May 24, 2018, registration has been discontinued on the portal operated by the Service Provider. Previously registered users can request the deletion of their data at the email address [email protected].
4.4. Submission of Own Content
The editorial office reserves the right to publish unsolicited manuscripts in a shortened and edited form.
5. Method of Storing Personal Data and Security of Data Processing
The Service Provider selects and operates the IT tools used for processing personal data during the provision of services in such a way that the processed data:
- is accessible to authorized persons (availability);
- has its accuracy and verification ensured (data processing authenticity);
- has integrity that can be confirmed (data integrity);
- is protected against unauthorized access (data confidentiality).
The Service Provider implements technical, organizational, and administrative measures to ensure the security of data processing that provide an appropriate level of protection corresponding to the risks associated with data processing.
During data processing, the Service Provider maintains:
- Confidentiality: protecting the information so that only those who are authorized can access it;
- Integrity: ensuring the accuracy and completeness of the information and its processing methods;
- Availability: ensuring that when an authorized user needs it, they can indeed access the desired information, and that the necessary tools are available.
The IT systems and network of the Service Provider are protected against computer-assisted fraud, espionage, sabotage, vandalism, fire and flood, as well as against computer viruses, hacking, and denial-of-service attacks. The operator ensures security through server-level and application-level protective procedures.
6. Data Controller Information and Contact Details
Name: Trefford Lemon Group
Email: [email protected]
7. Rights of the Data Subjects
The data subject may request information regarding the processing of their personal data and ask for the correction or deletion of their personal data—except for data processing mandated by law—using the method indicated at registration or through customer service.
Upon the data subject’s request, the Service Provider, as the Data Controller, will provide information about the data processed by them and by the processor entrusted by them, the purpose of data processing, the legal basis, the duration, the name and address (registered office) of the data processor, and related activities, as well as who has received or will receive the data and for what purpose. The Data Controller will provide this information in writing and in an understandable format within the shortest time possible, but no later than 30 days from the submission of the request. This information is free of charge if the requester has not previously submitted a request for information about the same area within the current year. In other cases, the Service Provider will establish a fee.
The Service Provider will delete personal data if its processing is unlawful, if the data subject requests it, if the purpose of data processing has ceased, or if the storage period defined in this policy or required by law has expired, or if a court or the data protection authority has ordered it.
The Service Provider will notify the data subject and all those who received the data for processing purposes about the deletion. Notification may be omitted if it does not violate the legitimate interests of the data subject with regard to the purpose of data processing.
The data subject has the right to object to the processing of their personal data if:
- the processing (transmission) of personal data is solely necessary for the enforcement of the rights or legitimate interests of the data controller or the data recipient, except where the processing is mandated by law;
- the personal data is used or transmitted for the purpose of direct marketing, public opinion research, or scientific research;
- the law otherwise allows for the exercise of the right to object.
The Service Provider will investigate the objection—while suspending data processing—within the shortest time possible, but no later than 15 days from the submission of the request, and will inform the applicant in writing of the outcome. If the objection is justified, the Data Controller will cease the data processing, including further data collection and transmission, and lock the data.
If the data subject disagrees with the decision made by the Data Controller, they may appeal to the court within 30 days of the notification of the decision.
In the event of violation of the data subject’s rights, they may take legal action against the Data Controller. The court will handle the case as a matter of urgency.
The Service Provider compensates any damage caused to others due to unlawful processing of the data subject’s data or a breach of the technical data protection requirements. The Data Controller is exempt from liability if the damage results from unavoidable reasons outside the scope of data processing.
No compensation is required for damages that arise from the intentional or grossly negligent behavior of the harmed party.
The data subject can file a complaint or seek remedy with the Office of the Data Protection Commissioner:
Name: Office of the Data Protection Commissioner
Address: 1051 Budapest, Nádor u. 22.
Mailing Address: 1387 Budapest, Pf.: 40.
Phone: +36 1 475 7186, +36 1 475 7100
Fax: +36 1 269 3541
Email: [email protected]