PRIVACY NOTICE

Data Protection

We collect and process personal data strictly in compliance with applicable laws and regulations.

Direct marketing (DM) communications are sent only with the explicit consent of the data subject. System notifications may be sent without separate consent where permitted by law.

Personal data is stored using the highest possible security standards.

Personal data is disclosed to third parties only with the data subject’s consent, unless otherwise required by law.

Upon written request sent to This email address is being protected from spambots. You need JavaScript enabled to view it., we provide information about the personal data stored concerning the requesting individual.

Requests for the deletion of personal data may be submitted to This email address is being protected from spambots. You need JavaScript enabled to view it..

Introduction:

TWS Lifting and Material Handling Equipment Trading and Service Ltd.

Registered office: 1047 Budapest, Tinódi u. 5–7.

Mailing address: 1047 Budapest, Tinódi u. 5–7.

E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Website: http://www.tws.hu/

(hereinafter referred to as the “Service Provider” or “Data Controller”) hereby submits itself to the following Privacy Notice.

Pursuant to Section 20 (1) of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information, the data subject (in this case, the webshop user, hereinafter referred to as the “User”) must be informed prior to the commencement of data processing whether the processing is based on consent or is mandatory.

Prior to the commencement of data processing, the data subject must be clearly and comprehensively informed of all facts relating to the processing of their personal data, including in particular the purpose and legal basis of the processing, the identity of the persons authorized to process and manage the data, and the duration of the data processing.

Pursuant to Section 6 (1) of the Info Act, the data subject must also be informed that personal data may be processed even without the data subject’s consent if obtaining such consent is impossible or would involve disproportionate cost, and if the processing of personal data is necessary for compliance with a legal obligation applicable to the Data Controller, or for the purposes of the legitimate interests pursued by the Data Controller or by a third party, provided that the enforcement of such interests is proportionate to the restriction of the right to the protection of personal data.

The information provided must also cover the data subject’s rights related to data processing and the available legal remedies.

Where providing individual information to data subjects is impossible or would involve disproportionate cost (as in the case of a website), the information obligation may also be fulfilled by making the following details publicly available:

– the fact of data collection,

– the scope of data subjects concerned,

– the purpose of data collection,

– the duration of data processing,

– the identity of potential data controllers entitled to access the data,

– the data subjects’ rights in relation to data processing and the available legal remedies,

– where applicable, the data protection registration number of the data processing activity.

This Privacy Notice governs the data processing activities of the following website: www.tws.hu and is based on the above statutory requirements.

Amendments to this Notice shall enter into force upon publication at the above address. References to the relevant legal provisions are indicated following the respective section headings.

Interpretative Definitions (Section 3)

data subject / User: any identified or identifiable natural person who can be identified, directly or indirectly, on the basis of personal data;

personal data: any information relating to the data subject – in particular the data subject’s name, identification number, or one or more factors specific to their physical, physiological, mental, economic, cultural, or social identity – as well as any inference that can be drawn from such data concerning the data subject;

special categories of data:

– personal data revealing racial origin, nationality, political opinions or party affiliation, religious or other beliefs, membership in interest-representation organizations, or sexual life;

– personal data concerning health status, pathological addictions, or criminal personal data;

consent: a voluntary and explicit expression of the data subject’s will, based on appropriate information, by which the data subject gives unambiguous agreement to the processing of personal data relating to them, either in full or with respect to specific operations;

objection: a statement by the data subject objecting to the processing of their personal data and requesting the termination of such processing or the deletion of the processed data;

data controller: a natural or legal person, or an organization without legal personality, who alone or jointly with others determines the purposes of data processing and makes and implements decisions regarding the processing (including the means used), or has them implemented by a data processor engaged by them;

data processing: any operation or set of operations performed on data, regardless of the procedure applied, including in particular collection, recording, registration, organization, storage, alteration, use, retrieval, transmission, disclosure, alignment or combination, blocking, erasure, destruction, prevention of further use, taking photographs, audio or video recordings, and recording physical characteristics suitable for identification (e.g. fingerprint, palm print, DNA sample, iris image);

data transfer: making data accessible to a specified third party;

disclosure: making data accessible to anyone;

data erasure: rendering data unrecognizable in such a way that its restoration is no longer possible;

data marking: assigning an identifying mark to data for the purpose of distinguishing it;

data blocking: assigning an identifying mark to data for the purpose of permanently or temporarily restricting its further processing;

data destruction: the complete physical destruction of the data carrier containing the data;

data processor: a natural or legal person, or an organization without legal personality, who processes data on the basis of a contract concluded with the data controller – including contracts concluded pursuant to legal provisions;

data controller (public authority): a public body that has produced public interest data required to be published electronically or in whose operations such data was generated;

data publisher: a public body that publishes data provided to it by the data controller on a website, where the data controller does not publish the data itself;

data file: the totality of data managed within a single registry;

third party: a natural or legal person, or an organization without legal personality, other than the data subject, the data controller, or the data processor.

Legal Basis for Data Processing (Sections 5–6)

Personal data may be processed if:

– the data subject has given consent; or

– it is ordered by law, or by a local government decree issued on the basis of statutory authorization, for purposes serving the public interest.

Personal data may also be processed where obtaining the data subject’s consent is impossible or would involve disproportionate cost, and the processing is necessary:

– for compliance with a legal obligation applicable to the data controller; or

– for the purposes of legitimate interests pursued by the data controller or a third party, provided that such interests are proportionate to the restriction of the right to protection of personal data.

If the data subject is unable to give consent due to incapacity or another unavoidable reason, their personal data may be processed, to the extent necessary and during the existence of such impediment, for the protection of their own or another person’s vital interests, or to prevent or eliminate a direct threat to life, physical integrity, or property.

A minor over the age of 16 may validly give consent to data processing without the consent or subsequent approval of their legal representative.

Where data processing based on consent serves the performance of a written contract with the data controller, the contract must contain all information that the data subject must know regarding the processing of personal data, including in particular:

– the scope of the data processed,

– the duration of the processing,

– the purpose of use,

– the fact and recipients of data transfers,

– the involvement of data processors.

The contract must clearly state that by signing it, the data subject consents to the processing of their data as specified therein.

If personal data was collected with the data subject’s consent, the data controller may, in the absence of contrary legal provisions, further process the collected data:

– for the purpose of complying with a legal obligation applicable to the data controller; or

Purpose Limitation of Data Processing (Section 4 [1]–[2])

Personal data may be processed exclusively for a specific purpose, in order to exercise a right or fulfill an obligation. At every stage of processing, the data processing must comply with its intended purpose, and the collection and handling of data must be fair and lawful.

Only personal data that is essential for achieving the purpose of processing and suitable for attaining that purpose may be processed. Personal data may be processed only to the extent and for the duration necessary to achieve the specified purpose.

Other Principles of Data Processing (Section 4 [3]–[4])

Personal data shall retain its nature as personal data during processing as long as its connection with the data subject can be restored. The connection with the data subject is considered restorable if the data controller possesses the technical means necessary for such restoration.

During data processing, the accuracy, completeness, and—where necessary in light of the purpose of processing—up-to-date status of the data must be ensured. Furthermore, the data subject may only be identifiable for as long as necessary to achieve the purpose of the data processing.

Functional Data Processing

Pursuant to Section 20 (1) of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information, the following information must be specified regarding the operation of the functionality of the website www.tws.hu:

– the fact of data collection,

– the scope of data subjects concerned,

– the purpose of data collection,

– the duration of data processing,

– the persons of potential data controllers entitled to access the data,

– the rights of data subjects related to data processing.

Fact of data collection and scope of processed data:

Password, first and last name, e-mail address, phone number, shipping address, shipping name, billing address, billing name, payable amount, date and time of registration/purchase, IP address at the time of registration/purchase.

Scope of data subjects concerned:

All users who register or make a purchase on the website.

Purpose of data collection:

The Service Provider processes Users’ personal data for the purpose of ensuring the full use of the website, establishing and performing contracts for the provision of services, determining and modifying their content, monitoring performance, invoicing fees arising therefrom, enforcing related claims, and sending newsletters.

Duration of data processing and deadline for deletion:

Data is deleted immediately upon deletion of registration or completion of purchase.

An exception applies to accounting documents, which must be retained for 8 years pursuant to Section 169 (2) of Act C of 2000 on Accounting.

Accounting documents directly or indirectly supporting accounting records (including general ledger accounts and analytical or detailed records) must be retained in a readable format and retrievable by reference to accounting entries for at least 8 years.

Persons entitled to access the data:

Personal data may be processed by the employees of the data controller, in compliance with the above principles.

Rights of data subjects:

The data subject may request the deletion or modification of personal data by:

– postal mail to: TWS Ltd., 1047 Budapest, Tinódi u. 5–7., Hungary

– e-mail to: This email address is being protected from spambots. You need JavaScript enabled to view it.

Legal basis for data processing:

The User’s consent pursuant to Section 5 (1) of the Information Act, and Section 13/A (3) of Act CVIII of 2001 on Electronic Commerce Services and Certain Issues of Information Society Services (E-Commerce Act), which states:

The service provider may process personal data that is technically indispensable for the provision of the service. Subject to other conditions being equal, the service provider must choose and operate the tools used in the provision of information society services in such a way that personal data is processed only if it is strictly necessary for the provision of the service and for the fulfillment of other purposes defined by law, and even in such cases only to the extent and for the duration necessary.

Our Principles Regarding Functional Data Processing (E-Commerce Act, Section 13/A)

The service provider may process personal identification data, residential address, and data relating to the time, duration, and location of the use of information society services for the purpose of invoicing fees arising from contracts for the provision of such services.

For the purpose of providing the service, the service provider may process personal data that is technically indispensable for the provision of the service. Subject to equal conditions, the service provider must select and operate the tools used in providing information society services in such a way that personal data is processed only if it is strictly necessary for the provision of the service and for the fulfillment of other purposes defined in the E-Commerce Act, and even then only to the extent and for the duration necessary.

The service provider may process data related to the use of the service for any other purpose—particularly for improving service efficiency, delivering electronic advertisements or other targeted content to the user, or for market research—only after the prior determination of the data processing purpose and on the basis of the user’s consent.

The user must be provided, both prior to and during the use of the information society service, with the continuous opportunity to prohibit data processing.

Processed data must be deleted if the contract is not concluded, upon termination of the contract, and following invoicing. Data must also be deleted if the purpose of processing has ceased or if the user so requests. Unless otherwise provided by law, deletion must be carried out without delay.

The service provider must ensure that the user can, at any time before and during the use of the information society service, become informed about the data processing purposes and the categories of data processed by the service provider, including data that cannot be directly linked to the user.

Cookie Management

Pursuant to Section 20 (1) of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information, the following information must be specified regarding cookie-related data processing on the website www.tws.hu:

– the fact of data collection,

– the scope of data subjects concerned,

– the purpose of data collection,

– the duration of data processing,

– the persons of potential data controllers entitled to access the data,

– the rights of data subjects related to data processing.

Typical cookies used by webshops include “password-protected session cookies”, “shopping cart cookies”, and “security cookies”, which do not require prior consent from the data subject.

Fact of data processing and scope of processed data:

Unique identifier, dates, and timestamps.

Scope of data subjects concerned:

All visitors to the website.

Purpose of data processing:

User identification, maintaining the shopping cart, and tracking visitors.

Duration of data processing and deadline for deletion:

In the case of session cookies, data processing lasts until the end of the website visit.

Persons entitled to access the data:

Personal data may be processed by the employees of the data controller, in compliance with the above principles.

Rights of data subjects:

Data subjects may delete cookies in their browser settings, typically under Tools/Settings within the Privacy menu.

Legal basis for data processing:

Consent from the data subject is not required if the sole purpose of using cookies is to transmit communication over an electronic communications network, or if the cookies are strictly necessary for the provider to deliver an information society service explicitly requested by the subscriber or user.

The Service Provider measures website traffic data using Google Analytics. During the use of this service, certain data is transmitted. The transmitted data is not suitable for identifying the data subject. Further information about Google’s privacy principles is available at:: http://www.google.hu/policies/privacy/ads/

Newsletter and Direct Marketing Activities

Pursuant to Section 6 of Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities, the User may give prior and explicit consent to be contacted by the Service Provider at the e-mail address provided during registration with advertising offers and other communications.

Furthermore, in accordance with the provisions of this Privacy Notice, the User may consent to the processing of personal data necessary for the delivery of advertising offers.

The Service Provider does not send unsolicited advertising messages. The User may unsubscribe from receiving offers at any time, free of charge and without restriction or justification. In such cases, the Service Provider deletes all personal data necessary for sending advertising messages from its records and will no longer contact the User with advertising offers. The User may unsubscribe by clicking the link provided in the message.

Pursuant to Section 20 (1) of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information, the following must be specified in relation to data processing for newsletter distribution:

– the fact of data collection,

– the scope of data subjects concerned,

– the purpose of data collection,

– the duration of data processing,

– the persons of potential data controllers entitled to access the data,

– the rights of data subjects related to data processing.

Fact of data processing and scope of processed data:

Name, e-mail address, date, and time.

Scope of data subjects concerned:

All persons subscribing to the newsletter.

Purpose of data processing:

Sending electronic messages containing advertisements to the data subject and providing information about current news, products, promotions, new features, etc.

Duration of data processing and deadline for deletion:

Data processing lasts until the withdrawal of consent, i.e., until the User unsubscribes.

Persons entitled to access the data:

Personal data may be processed by the employees of the data controller, in compliance with the above principles.

Rights of data subjects:

The data subject may unsubscribe from the newsletter at any time, free of charge.

Legal basis for data processing:

The voluntary consent of the data subject pursuant to Section 5 (1) of the Information Act and Section 6 (5) of Act XLVIII of 2008 on Commercial Advertising Activities, which provides that:

The advertiser, advertising service provider, or publisher of the advertisement shall maintain a record of the personal data of persons who have given consent, within the scope defined in the consent. The data recorded in this register, relating to the recipient of the advertisement, may be processed only in accordance with the consent given and until such consent is withdrawn, and may be transferred to third parties only with the prior consent of the data subject.

Facebook

– the fact of data collection,

– the scope of data subjects concerned,

– the purpose of data collection,

– the duration of data processing,

– the persons of potential data controllers entitled to access the data,

– the rights of data subjects related to data processing.

Fact of data collection and scope of processed data:

The name registered on the Facebook.com social networking site and the user’s public profile picture.

Scope of data subjects concerned:

All data subjects who are registered on the Facebook.com social networking site and have liked the website.

Purpose of data processing:

Sharing or liking certain content elements, products, promotions of the webshop, or the website itself on Facebook.com.

Duration of data processing, persons entitled to access the data, and rights of data subjects:

Information regarding the source of the data, its processing, the method and legal basis of transfer is available at:

http://www.facebook.com/about/privacy/

As data processing takes place on the Facebook.com website, the duration, method of processing, and possibilities for deletion or modification of data are governed by the rules of the Facebook.com social networking site:

http://www.facebook.com/legal/terms?ref=pf

http://www.facebook.com/about/privacy/

Legal basis for data processing:

The voluntary consent of the data subject to the processing of their personal data on the Facebook.com website.

Data Transfer

– the fact of data collection,

– the scope of data subjects concerned,

– the purpose of data collection,

– the duration of data processing,

– the persons of potential data controllers entitled to access the data,

– the rights of data subjects related to data processing.

Fact of data processing and scope of processed data:

Data transferred for the purpose of delivery:

Shipping name, shipping address, phone number, payable amount.

Data transferred for the purpose of online payment processing:

Billing name, billing address, payable amount.

Scope of data subjects concerned:

All data subjects requesting home delivery or online purchase.

Purpose of data processing:

Delivery of the ordered product and processing of the online purchase.

Duration of data processing and deadline for deletion:

Data processing lasts until the completion of home delivery or online payment processing.

Persons entitled to access the data:

Personal data may be processed by the following entities, in compliance with the above principles:

(Here you can list the courier service provider, payment service provider, hosting provider, etc., depending on the actual partners.)

Hosting Provider of the Website:

INTEGRITY LTD.

Registered office: 8000 Székesfehérvár, Gyetvai u. 6., Hungary

Mailing address: 1132 Budapest, Victor Hugo u. 18–22., Hungary

E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Newsletter System Provider:

Pannon Creative Ltd.

2800 Tatabánya, Bánhidai ltp. 318. fszt. 1., Hungary

Tax number: 23134762-2-11

Marketing and communication:

Pannon Creative Kft.

2800 Tatabánya Bánhidai ltp. 318. fszt. 1.

Tax number: 23134762-2-11

Rights of Data Subjects: The data subject may request the home delivery or online payment service provider, acting as data controller, to promptly delete their personal data.

Legal Basis for Data Transfer: The User’s consent pursuant to Section 5 (1) of Act CXII of 2011 (Information Act) and Section 13/A (3) of Act CVIII of 2001 on Electronic Commerce Services and Certain Issues of Information Society Services.

Data Security (Section 7)

The data controller shall design and implement data processing operations in a manner that ensures the protection of the data subjects’ privacy.

The data controller and, within the scope of its activities, the data processor shall ensure the security of data and shall take the technical and organizational measures and establish the procedural rules necessary to enforce the provisions of the Information Act and other data and confidentiality protection regulations.

Data must be protected by appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction or damage and inaccessibility resulting from changes in applied technology.

To protect electronically managed data files in various registers, appropriate technical solutions must ensure that data stored in registers—unless otherwise permitted by law—cannot be directly linked or assigned to the data subject.

During the automated processing of personal data, the data controller and the data processor shall implement additional measures to ensure:

– the prevention of unauthorized data entry;

– the prevention of unauthorized use of automated data processing systems by means of data transmission equipment;

– the ability to verify and establish to which bodies personal data has been or may be transmitted using data transmission equipment;

– the ability to verify and establish which personal data was entered into automated data processing systems, at what time, and by whom;

– the recoverability of installed systems in the event of malfunction;

– that reports are generated on errors occurring during automated processing.

When determining and applying measures to ensure data security, the data controller and the data processor must take into account the current state of technological development. Among several possible data processing solutions, the one that ensures a higher level of protection for personal data must be chosen, unless it would impose a disproportionate burden on the data controller.

Rights of Data Subjects (Sections 14–19)

The data subject may request that the Service Provider provide information regarding the processing of their personal data, request the rectification of their personal data, and request the deletion or blocking of their personal data—except in cases of mandatory data processing.

Upon the data subject’s request, the data controller shall provide information about the personal data processed by it or by a data processor engaged by it, including the source of the data, the purpose, legal basis and duration of processing, the name and address of the data processor and its activities related to data processing, and—if personal data has been transferred—the legal basis and recipient of such transfer.

For the purpose of verifying the lawfulness of data transfers and informing the data subject, the data controller shall maintain a data transfer register, which includes the date of the transfer of personal data, the legal basis and recipient of the transfer, the scope of transferred personal data, and other data specified by applicable law.

The data controller shall provide the requested information in writing, in a clear and comprehensible form, within the shortest possible time but no later than 30 days from the submission of the request. The information shall be provided free of charge.

Upon the User’s request, the Service Provider shall provide information regarding the data it processes, their source, purpose, legal basis, duration, the name and address of any data processor involved and its related activities, and—if personal data has been transferred—the legal basis and recipient of the transfer. The Service Provider shall provide this information in writing, in a clear and comprehensible form, within a maximum of 30 days from receipt of the request. The information shall be free of charge.

If personal data is inaccurate and the correct personal data is available to the data controller, the Service Provider shall rectify the personal data.

Instead of deletion, the Service Provider shall block the personal data if the User so requests or if, based on the available information, it can be presumed that deletion would infringe the User’s legitimate interests. Blocked personal data may be processed only as long as the purpose of data processing that excluded deletion persists.

The Service Provider shall delete personal data if its processing is unlawful, if the User so requests, if the processed data is incomplete or incorrect and this condition cannot be lawfully remedied—provided that deletion is not excluded by law—if the purpose of processing has ceased, if the statutory retention period has expired, or if deletion has been ordered by a court or by the National Authority for Data Protection and Freedom of Information.

The data controller shall mark the personal data it processes if the data subject disputes its accuracy or correctness, but the inaccuracy or incorrectness cannot be clearly established.

The data subject, as well as all parties to whom the data has previously been transferred for processing purposes, shall be notified of rectification, blocking, marking, or deletion. Notification may be omitted if it does not infringe the legitimate interests of the data subject in light of the purpose of processing.

If the data controller does not comply with the request for rectification, blocking, or deletion, it shall communicate in writing, within 30 days of receipt of the request, the factual and legal reasons for rejecting the request. In the event of rejection, the data controller shall inform the data subject of the possibility of seeking judicial remedy and of filing a complaint with the supervisory authority.

Legal Remedies

The User may object to the processing of their personal data if:

– the processing or transfer of personal data is necessary solely for compliance with a legal obligation applicable to the Service Provider or for the enforcement of the legitimate interests of the Service Provider, data recipient, or a third party, unless such processing is ordered by law;

– the use or transfer of personal data is carried out for direct marketing, public opinion polling, or scientific research purposes;

– in other cases specified by law.

The Service Provider shall examine the objection within the shortest possible time, but no later than 15 days from the submission of the request, make a decision regarding its merits, and inform the applicant in writing of its decision.

If the Service Provider determines that the objection is well-founded, it shall terminate the data processing—including further data collection and data transfer—block the data, and notify all parties to whom the personal data concerned by the objection had previously been transferred, and who are required to take measures to enforce the right of objection.

If the User disagrees with the decision of the Service Provider, they may initiate legal proceedings within 30 days from the notification of the decision. The court shall proceed in an expedited manner.

In case of alleged unlawful data processing, a complaint may be lodged with the National Authority for Data Protection and Freedom of Information:

National Authority for Data Protection and Freedom of Information

1125 Budapest, Szilágyi Erzsébet fasor 22/C., Hungary

Mailing address: 1530 Budapest, P.O. Box 5, Hungary

Phone: +36 1 391 1400

Fax: +36 1 391 1410

E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Judicial Enforcement

The data controller bears the burden of proving that data processing complies with the applicable legal provisions. The lawfulness of data transfer must be proven by the data recipient.

Jurisdiction over the lawsuit lies with the competent regional court (court of first instance). The action may also be initiated—at the choice of the data subject—before the regional court having jurisdiction over the data subject’s place of residence or habitual residence.

A party to the proceedings may also be a person who otherwise does not have legal capacity to sue. The supervisory authority may intervene in the proceedings in order to support the success of the data subject’s claim.

If the court grants the claim, it shall order the data controller to provide the requested information, rectify, block or delete the data, annul a decision made through automated data processing, take into account the data subject’s right to object, or disclose the requested data to the data recipient.

If the court rejects the claim of the data recipient, the data controller must delete the personal data of the data subject within three days of notification of the judgment. The data controller must also delete the data if the data recipient does not initiate court proceedings within the prescribed time limit.

The court may order the publication of its judgment—including the identification details of the data controller—if required by the interests of data protection and the protection of the rights of a larger number of data subjects.

Compensation and Damages for Non-Pecuniary Harm (Section 23)

If the data controller causes damage to another person through the unlawful processing of personal data or by violating data security requirements, it shall be liable to compensate for such damage.

If the data controller infringes the data subject’s personality rights through the unlawful processing of personal data or by breaching data security requirements, the data subject may claim damages for non-pecuniary harm (compensation for moral injury).

The data controller shall be liable to the data subject for damage caused by the data processor and shall also be required to pay compensation for non-pecuniary harm resulting from a violation of personality rights caused by the data processor. The data controller shall be exempt from liability for damages and from the obligation to pay compensation for non-pecuniary harm if it proves that the damage or the infringement of the data subject’s personality rights was caused by an unavoidable event outside the scope of data processing.

No compensation shall be payable, and no claim for non-pecuniary damages may be enforced, to the extent that the damage resulted from the intentional or grossly negligent conduct of the injured party or from conduct infringing their own personality rights.

Final Provisions

In preparing this Privacy Notice, we have taken into account the following legal acts:

– Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (hereinafter: Information Act);

– Act CVIII of 2001 on Electronic Commerce Services and Certain Issues of Information Society Services (in particular Section 13/A);

– Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices against Consumers;

– Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities;

– Act XC of 2005 on Electronic Freedom of Information;

– Act C of 2003 on Electronic Communications;

– Opinion No. 16/2011 on the EASA/IAB Recommendation on Best Practice for Online Behavioural Advertising.