Privacy Policy | Weboptim

DATA MANAGEMENT INFORMATION THE RIGHTS OF THE NATURAL PERSON CONCERNED  THE PROCESSING OF YOUR PERSONAL DATA

DATA PROCESSING CLAUSE FOR A CONTRACT WITH A NATURAL PERSON

• The data controller informs the contracting party (hereinafter referred to as the data subject) that the personal data provided in the contract are processed for the purposes of the performance of the contract.
• Recipients of personal data: employees and partners of the Company performing customer service tasks, employees performing accounting and tax tasks, and data processors.
• Duration of storage of personal data: 5 years after termination of the contract.
• The personal data will be transferred for processing to the accounting office appointed by the company for tax and accounting purposes, to the Hungarian Postal Service for postal delivery and to the appointed courier service, and to the company's security agent for asset protection purposes.
• Information on the rights of the natural person concerned and the identity of the data processors can be found in the Data Processing Notice available on the Company's website (in the footer).

TABLE OF CONTENTS

• INTRODUCTION
• CHAPTER I - NAME OF THE CONTROLLER
• CHAPTER II - DESIGNATION OF DATA PROCESSORS
  • Our IT service provider
  • Postal services, delivery, parcel delivery
• CHAPTER III - ENSURING LAWFULNESS OF PROCESSING
  • Processing based on the consent of the data subject
  • Processing based on the performance of a legal obligation
  • Promoting the rights of the data subject
• CHAPTER IV - VISITOR DATA MANAGEMENT ON THE COMPANY'S WEBSITE - INFORMATION ON THE USE OF COOKIES
• CHAPTER V - INFORMATION ON THE RIGHTS OF THE DATA SUBJECT

INTRODUCTION

on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC  REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (EU) 2016/679 (hereinafter referred to as the Regulation) requires that the Controller takes appropriate measures to provide the data subject with all information relating to the processing of personal data in a concise, transparent, intelligible and easily accessible form, in a clear and plain language, and to facilitate the exercise of the data subject's rights. 

The obligation to inform the data subject in advance is also provided for in Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information.

The following information is provided to comply with this legal obligation.

The information must be published on the company's website or sent to the person concerned on request.

CHAPTER I

NAME OF THE CONTROLLER

The publisher of this information is also the Data Controller:

Company name: Weboptim Rendszerház Kft

Location: 1141 Tihamér u. 26.

Company registration number: 01 09 927072.

Tax number: 14942437242

E-mail address: info@weboptim.hu

 (hereinafter referred to as "the Company")

 II. CHAPTER 2

NAME OF DATA PROCESSORS

Data processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller; (Article 4(8) of the Regulation)

 The use of a processor does not require the prior consent of the data subject, but the data subject must be informed. Accordingly, the following information is provided:

1. Our IT service provider

For the maintenance and management of its website, our Company uses a data processor who provides IT services (hosting service) and, within the framework of this service, processes the personal data provided on the website for the duration of our contract with him/her, and the operation performed by him/her is the storage of personal data on the server.

This data processor is called:

Company name: Websas Kft

Company Data: http://www.ceginformacio.hu/cr9311169286

CHAPTER III

ENSURE THE LAWFULNESS OF PROCESSING

1. Processing based on the data subject's consent

 (1) Where the Company intends to carry out data processing based on consent, the data subject's consent to the processing of his or her personal data shall be obtained by means of a request for consent in accordance with the content and information set out in the data processing policy.

(2) Consent shall also be deemed to be given if the data subject ticks a relevant box when viewing the Company's website, makes relevant technical settings when using information society services, or makes any other statement or takes any other action which, in the relevant context, clearly indicates the data subject's consent to the intended processing of his or her personal data. Silence, ticking a box or inaction therefore does not constitute consent.

(3) Consent shall cover all processing activities carried out for the same purpose or purposes. Where processing is carried out for more than one purpose, consent shall be given for all the purposes for which the processing is carried out.

(4) Where the data subject gives his or her consent in the context of a written statement which also relates to other matters, such as the conclusion of a sales or service contract, the request for consent must be presented in a manner clearly distinguishable from those other matters, in a clear and easily accessible form, in clear and plain language. Any part of such a statement containing the consent of the data subject which is in breach of the Regulation shall not be binding.

(5) The Company may not make the conclusion or performance of a contract conditional on the consent to the processing of personal data that are not necessary for the performance of the contract.

(6) The withdrawal of consent shall be made possible in the same simple manner as the granting of consent.

(7) Where the personal data have been collected with the consent of the data subject, the controller may process the collected data for the purpose of complying with a legal obligation to which the data subject is subject, unless otherwise provided by law, without further specific consent and even after the withdrawal of the data subject's consent.

2. Processing based on the performance of a legal obligation

(1) In the case of processing based on a legal obligation, the scope of the data to be processed, the purpose of the processing, the duration of the storage of the data and the recipients shall be governed by the provisions of the underlying legislation.

(2) The processing based on the legal ground of performance of a legal obligation is independent of the consent of the data subject, since the processing is determined by law. In such cases, the data subject shall be informed before the processing starts that the processing is mandatory and shall be provided with clear and detailed information on all the facts relating to the processing of his or her data, in particular on the purposes and legal basis of the processing, the identity of the controller and of the processor, the duration of the processing, whether the controller is processing the personal data of the data subject on the basis of a legal obligation to which the data subject is subject and the recipients of the data. The information should also cover the rights and remedies of the data subject in relation to the processing. In the case of mandatory processing, the information may also be provided by making public a reference to the legal provisions containing the foregoing information.

3. Promoting the rights of the data subject

The Company shall ensure the exercise of the rights of the data subject in all its processing.

CHAPTER IV

VISITOR DATA MANAGEMENT ON THE COMPANY'S WEBSITE -  INFORMATION ON THE USE OF COOKIES

1. The visitor to the website must be informed on the website about the use of cookies, and - to the extent technically necessary except session cookies - your consent must be sought.

 2. General information about cookies

2.1 A cookie is a piece of data that the visited website sends to the visitor's browser (in the form of a variable name value) so that it can store and later load the content of the same website. A cookie can be valid until the browser is closed, or indefinitely. In subsequent HTTP(S) requests, the browser will also send this data to the server. In this way, the data on the user's computer is modified.

2.2 The point of a cookie is that website services inherently need to be able to identify a user (e.g. that they have entered the site) and to be able to manage them accordingly. The danger is that the user may not always be aware of this and may be tracked by the website operator or other service provider whose content is embedded in the site (e.g. Facebook, Google Analytics), thereby creating a profile of the user, in which case the content of the cookie may be considered personal data.

2.3. Types of cookies:

2.3.1. technically necessary session cookies: without which the site would simply not function, these are needed to identify the user, e.g. to manage whether they have logged in, what they have added to their shopping cart, etc. This is typically a session ID, the rest of the data is stored on the server, which is more secure. There is a security aspect, if the session cookie value is not generated correctly then there is a risk of a session hijacking attack, so it is imperative that these values are generated correctly. Other terminology calls session cookies all cookies that are deleted when you exit the browser (a session is a browser session from start to exit).

2.3.2.Usage cookies: these are cookies that remember the user's choices, for example, how the user wants to view the site. These types of cookies are essentially the preferences data stored in the cookie.

2.3.3 Performance cookies: although they have little to do with "performance", this is usually the name given to cookies that collect information about the user's behaviour, time spent on a website, clicks and clicks. These are typically third-party applications (e.g. Google Analytics, AdWords, or Yandex.ru cookies). They can be used to profile the visitor.

You can find out more about Google Analytics cookies here:

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

You can find out more about Google AdWords cookies here:

https://support.google.com/adwords/answer/2407785?hl=hu

2.4. Acceptance or authorisation of the use of cookies is not mandatory. You can reset your browser settings to reject all cookies or to indicate when a cookie is being sent. While most browsers automatically accept cookies by default, these can usually be changed to prevent automatic acceptance and will offer you the choice each time.

To find out about cookie settings for the most popular browsers, click on the links below

• Google Chrome: https://support.google.com/accounts/answer/61416?hl=hu
•  Firefox: https://support.mozilla.org/hu/kb/sutik-engedelyezese-es-tiltasa-amit-weboldak-haszn
• Microsoft Internet Explorer 11: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-11
• Microsoft Internet Explorer 10: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-10-win-7
• Microsoft Internet Explorer 9: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-9
• Microsoft Internet Explorer 8: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-8
• Microsoft Edge: http://windows.microsoft.com/hu-hu/windows-10/edge-privacy-faq
• Safari: https://support.apple.com/hu-hu/HT201265

That said, please note that certain website features or services may not function properly without cookies.

3. Information about cookies used on the Company's website, and the data generated during the visit

3.1.Data processed during the visit: our website may record and process the following data about the visitor and the device used for browsing the website:

• the IP address used by the visitor,
• the browser type,
• the operating system characteristics of the device used for browsing (language set),
• date of visit,
• the (sub)page, feature or service visited,
• click.

This data is kept for up to 365 days and may be used primarily to investigate security incidents.

3.2. Cookies used on the website

3.2.1. Technically indispensable session cookies

The purpose of the processing: to ensure the proper functioning of the website. These cookies are necessary to allow visitors to browse the website, to use its functions smoothly and fully, to use the services available through the website, including, in particular, the annotation of the actions carried out by the visitor on the pages concerned or the identity of the logged in user during a visit. The duration of the processing of these cookies is limited to the current visit of the visitor, and this type of cookie is automatically deleted from your computer at the end of the session or when you close the browser.

The legal basis for this data processing is Article 13/A (3) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (Elkertv.), according to which the service provider may process personal data that are technically necessary for the provision of the service. The service provider must, other things being equal, choose and in any case operate the means used in the provision of the information society service in such a way that personal data are processed only if absolutely necessary for the provision of the service and for the fulfilment of the other purposes specified in this Act, but in this case only to the extent and for the duration necessary.

3.2.1. Usage cookies:

These remember the user's choices, such as what form the user wants the page to take. These types of cookies are essentially the preferences data stored in the cookie.

The legal basis for processing is the consent of the visitor.

Purpose of the processing: To increase the efficiency of the service, improve the user experience and make the website more convenient to use.

This data is rather on the user's computer, the website just accesses it and recognises the visitor. 

3.2.2. Performance cookies:

They collect information about the user's behaviour, time spent on the website visited, clicks. These are typically third party applications (e.g. Google Analytics, AdWords).

Legal basis for processing: consent of the data subject.

Purpose of data processing: analysis of the website, sending promotional offers.

CHAPTER V

INFORMATION ON THE RIGHTS OF THE PERSON CONCERNED

 I. A brief summary of the data subject's rights:

• Transparent information, communication and facilitation of the exercise of data subject rights
• Right to prior information - when personal data are collected from the data subject
• Information to the data subject and the information to be provided to him or her where the personal data have not been obtained by the controller from him or her
• Right of access of the data subject
• The right to rectification
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Obligation to notify the rectification or erasure of personal data or restriction of processing
• The right to data portability
• The right to protest
• Automated decision-making on individual cases, including profiling
• Restrictions
• Informing the data subject about the personal data breach
• The right to lodge a complaint with a supervisory authority (right to official redress)
• Right to an effective judicial remedy against the supervisory authority
• The right to an effective judicial remedy against the controller or processor

II. The rights of the data subject in detail:

1. Transparent information, communication and facilitation of the exercise of data subject's rights

1.1. The controller shall provide the data subject with all information and any particulars relating to the processing of personal data in a concise, transparent, intelligible and easily accessible form, in clear and plain language, in particular in the case of any information addressed to children. The information shall be provided in writing or by other means, including, where appropriate, by electronic means. At the request of the data subject, information may be provided orally, provided that the identity of the data subject has been verified by other means.

1.2. The controller must facilitate the exercise of the data subject's rights.

1.3. The controller shall inform the data subject, without undue delay and in any event within one month of receipt of the request, of the measures taken in response to the request to exercise his or her rights. This time limit may be extended by a further two months under the conditions laid down in the Regulation, of which the data subject shall be informed.

1.4. If the controller fails to act on the data subject's request, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for the failure to act and of the possibility for the data subject to lodge a complaint with a supervisory authority and to exercise his or her right of judicial remedy.

1.5. The data controller shall provide the information and the information and action on the rights of the data subject free of charge, but may charge a fee in the cases provided for in the Regulation.

The detailed rules can be found under Article 12 of the Regulation.

2. Right to prior information - where personal data are collected from the data subject

2.1. The data subject shall have the right to be informed of the facts and information relating to the processing before the processing starts. In this context, the data subject shall be informed:

• a) the identity and contact details of the controller and its representative,
• b) the contact details of the Data Protection Officer (if any),
• (c) the purposes for which the personal data are intended to be processed and the legal basis for the processing,
• (d) in the case of processing based on legitimate interests, the legitimate interests of the controller or a third party,
• (e) the recipients to whom the personal data are disclosed and the categories of recipients, if any;
• (e) where applicable, the fact that the controller intends to transfer the personal data to a third country or an international organisation.

2.2. To ensure fair and transparent processing, the controller must provide the data subject with the following additional information:

• (a) the duration of the storage of personal data or, where this is not possible, the criteria for determining that duration;
• (b) the data subject's right to request the controller to access, rectify, erase or restrict the processing of personal data concerning him or her and to object to the processing of such personal data, and the data subject's right to data portability;
• (c) in the case of processing based on the data subject's consent, the right to withdraw consent at any time without prejudice to the lawfulness of the processing carried out on the basis of consent prior to its withdrawal;
• (d) the right to lodge a complaint with a supervisory authority;
• (e) whether the provision of the personal data is based on a legal or contractual obligation or is a prerequisite for the conclusion of a contract, whether the data subject is under an obligation to provide the personal data and the possible consequences of not providing the data;
• (f) the fact of automated decision-making, including profiling, and, at least in those cases, the logic used and clear information on the significance of such processing and the likely consequences for the data subject.

2.3. If the controller intends to further process personal data for a purpose other than that for which they were collected, the controller must inform the data subject of that other purpose and of any relevant additional information before further processing.

The detailed rules on the right to prior information are set out in Article 13 of the Regulation.

3. Informing the data subject and the information to be provided to him or her where the personal data have not been obtained by the controller from him or her

3.1. If the controller has not obtained the personal data from the data subject, the data subject must be informed by the controller no later than one month after the personal data are obtained; if the personal data are used for the purpose of contacting the data subject, at least at the time of the first contact with the data subject; or, if the data are likely to be disclosed to another addressee, no later than the time of the first disclosure of the personal data, in accordance with the provisions of Article 2. the facts and information referred to in point (2), the categories of personal data concerned and the source of the personal data and, where applicable, whether the data originate from publicly available sources.

3.2. For further rules, see point 2 (Right to prior information) above.

The detailed rules for this information are set out in Article 14 of the Regulation.

4. Right of access of the data subject

4.1. The data subject has the right to obtain from the controller feedback as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to access the personal data and related information described in points 2-3 above (Article 15 of the Regulation).

4.2. Where personal data are transferred to a third country or an international organisation, the data subject is entitled to be informed of the appropriate safeguards for the transfer in accordance with Article 46 of the Regulation.

4.3. The controller must provide the data subject with a copy of the personal data processed. For additional copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs.

Detailed rules on the right of access of the data subject are laid down in Article 15 of the Regulation.

5. A right to rectification

5.1. The data subject shall have the right to obtain from the Data Controller, upon his or her request and without undue delay, the rectification of inaccurate personal data relating to him or her.

5.2. Taking into account the purpose of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

These rules are set out in Article 16 of the Regulation.

6. A the right to erasure ("right to be forgotten")

6.1. The data subject shall have the right to obtain from the controller the erasure of personal data relating to him or her without undue delay at his or her request, and the controller shall be obliged to erase personal data relating to him or her without undue delay if.

• (a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
• (b) the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
• (c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing,
• d) the personal data have been unlawfully processed;
• (e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
• f) the personal data were collected in connection with the provision of information society services directly to a child.

6.2. The right to erasure cannot be exercised if the processing is necessary

• a) for the exercise of the right to freedom of expression and information;
• (b) to comply with an obligation under Union or Member State law to which the controller is subject or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;
• c) on the basis of public interest in the field of public health;
• (d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, where the right of erasure would be likely to render such processing impossible or seriously jeopardise it; or
• (e) for the presentation, exercise or defence of legal claims.

Detailed rules on the right to erasure are set out in Article 17 of the Regulation.

7. Right to restriction of processing

7.1. Where processing is restricted, such personal data, except for storage, may be processed only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or of a Member State.

7.2. The data subject shall have the right to obtain restriction of processing by the controller at his or her request if one of the following conditions is met:

• (a) the data subject contests the accuracy of the personal data, in which case the restriction shall apply for the period of time necessary to allow the Controller to verify the accuracy of the personal data;
• (b) the processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;
• (c) the controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or
• (d) the data subject has objected to the processing; in this case, the restriction shall apply for the period until it is established whether the legitimate grounds of the controller override those of the data subject.

7.3. The data subject shall be informed in advance of the lifting of the restriction on processing.

The relevant rules are set out in Article 18 of the Regulation.

8. A the obligation to notify the rectification or erasure of personal data or the restriction of processing

The controller shall inform each recipient to whom or with which the personal data have been disclosed of any rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. The controller shall inform the data subject, at his or her request, of these recipients.

These rules can be found under Article 19 of the Regulation.

9. The right to data portability

9.1. Under the conditions set out in the Regulation, the data subject has the right to receive personal data relating to him or her which he or she has provided to a controller in a structured, commonly used, machine-readable format and the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, if.

• (a) the processing is based on consent or on a contract; and
• (b) the processing is carried out by automated means.

9.2. The data subject may also request the direct transfer of personal data between controllers.

9.3. The exercise of the right to data portability shall be without prejudice to Article 17 of the Regulation (Right to erasure ("right to be forgotten"). The right to data portability shall not apply where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. This right shall not adversely affect the rights and freedoms of others.

The detailed rules are set out in Article 20 of the Regulation.

10. A right to protest

 10.1. The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of his or her personal data based on the public interest, the performance of a public task (Article 6(1)(e)) or a legitimate interest (Article 6(f)), including profiling based on those provisions. In such a case, the controller may no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

10.2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing. If the data subject objects to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for those purposes.

10.3. These rights must be explicitly brought to the attention of the data subject at the latest at the time of the first contact with the data subject and the information must be clearly displayed separately from any other information.

10.4. The data subject may also exercise the right to object by automated means based on technical specifications.

10.5. Where personal data are processed for scientific or historical research purposes or statistical purposes, the data subject shall have the right to object, on grounds relating to his or her particular situation, to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

The relevant rules are set out in the Article of the Regulation.

11. Automated decision-making in individual cases, including profiling

11.1. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

11.2. This entitlement does not apply in the case of a decision to:

• (a) necessary for the conclusion or performance of a contract between the data subject and the controller;
• (b) permitted by Union or Member State law applicable to the controller which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or
• (c) based on the explicit consent of the data subject.

11.3. In the cases referred to in points (a) and (c), the controller shall take appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, including at least the right to obtain human intervention by the controller, to express his or her point of view and to object to the decision.

Further rules are set out in Article 22 of the Regulation.

12. Restrictions

EU or Member State law applicable to a controller or processor may limit the scope of rights and obligations (Articles 12-22, 34, 5 of the Regulation) by legislative measures if the limitation respects the essential content of fundamental rights and freedoms.

The conditions for this restriction are set out in Article 23 of the Regulation.

13. Informing the data subject of the personal data breach

13.1. If the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller must inform the data subject of the personal data breach without undue delay. This information shall clearly and plainly describe the nature of the personal data breach and shall include at least the following:

• (a) the name and contact details of the Data Protection Officer or other contact person who can provide further information;
• (c) describe the likely consequences of the data breach;
• (d) describe the measures taken or envisaged by the controller to remedy the personal data breach, including, where appropriate, measures to mitigate any adverse consequences of the personal data breach.

13.2. The data subject need not be informed if any of the following conditions are met:

• (a) the controller has implemented appropriate technical and organisational protection measures and these measures have been applied to the data affected by the personal data breach, in particular measures, such as the use of encryption, which render the data unintelligible to persons not authorised to access the personal data;
• (b) the controller has taken additional measures following the personal data breach to ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialise;
• c) the information would require a disproportionate effort. In such cases, the data subject shall be informed by means of publicly disclosed information or by a similar measure ensuring that the data subject is informed in an equally effective manner.

Further rules are set out in Article 34 of the Regulation.

14. A the right to lodge a complaint with a supervisory authority (right to official redress)

The data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data relating to him or her infringes the Regulation. The supervisory authority with which the complaint has been lodged must inform the data subject of the procedural developments concerning the complaint and of the outcome of the complaint, including the right of the data subject to judicial remedy.

These rules are set out in Article 77 of the Regulation.

15. A the right to an effective judicial remedy against a supervisory authority

 15.1. Without prejudice to any other administrative or non-judicial remedy, any natural or legal person shall have the right to an effective judicial remedy against a legally binding decision of the supervisory authority concerning him or her.

15.2. Without prejudice to any other administrative or non-judicial remedy, any data subject shall have the right to an effective judicial remedy if the competent supervisory authority does not deal with the complaint or does not inform the data subject within three months of the procedural developments concerning the complaint lodged or of the outcome of the complaint.

15.3. Proceedings against the supervisory authority shall be brought before the courts of the Member State in which the supervisory authority is established.

15.4. If proceedings are brought against a decision of a supervisory authority on which the Board has previously issued an opinion or taken a decision under the consistency mechanism, the supervisory authority is obliged to transmit this opinion or decision to the court.

 These rules are set out in Article 78 of the Regulation.

16. Right to an effective judicial remedy against the controller or processor

16.1. Without prejudice to the administrative or non-judicial remedies available, including the right to lodge a complaint with a supervisory authority, every data subject shall have an effective judicial remedy if he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data not in accordance with this Regulation.

16.2. Proceedings against the controller or processor shall be brought before the courts of the Member State in which the controller or processor is established. Such proceedings may also be brought before the courts of the Member State in which the data subject has his or her habitual residence, unless the controller or processor is a public authority of a Member State acting in its exercise of official authority.

These rules are set out in Article 79 of the Regulation.

Done at Budapest, 25 May 2018.

Weboptim Rendszerház Kft.