JavaScript is required to view this page.

退款规则

Data protection policy

1. Preamble

The purpose of the present Policy is to set out the data protection and data processing principles observed by provider as the operator of the website www.ajka-crystal.com and as data controller in the meaning of applicable legislation (hereinafter referred to as Provider) and to establish Provider’s data protection and data processing policy in the light of applicable regulations, specify the lawful procedures of maintaining filing systems kept with the Provider, and to ensure that data protection principles, and data security requirements are being enforced, and to prevent unauthorized access, modification, and/or public disclosure of data.

It is also the objective of the present Policy to ensure that Provider should offer appropriate information to data subjects (for the purposes of the present Policy the Users of the Website, hereinafter: User) concerning all facts related to the way their data are processed, thus especially the purpose, and legal basis of such data processing, the identity of the person entitled to control, and process data as well as the duration of such processing.

Statutory provisions regulating processing in meaning of the present Policy include especially:

  • Act CXII of 2011 on Informational Self-Determination and Freedom of Information (‘Privacy Act’) – hereinafter: Infotv.;
  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter: GDPR regulation
  • Act CVIII of 2001 on Certain aspects of electronic commerce and information society services, and Act CLV of 1997 on Consumer protection

2. Interpretative provisions

data subject: any specific natural person identified or identifiable directly or indirectly using personal details;

personal data (Infotv): data potentially associated with the data subject, including in particular name, and tax ID of the data subject along with one or several pieces of information characterizing their physical, physiological, mental, economic, cultural or social identity – as well as conclusions derived from such data applicable to the data subject.

personal data (GDPR): any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

consent (Infotv.): voluntary, and resolute expression of the intention of the data subject relying on appropriate information, and whereby such person provides their inambiguous agreement to the processing of their personal data with no restrictions or extending to selected transactions;

consent of the data subject (GDPR): ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

objection: statement of the data subject expressing their objection to the processing of their personal data, and requests the termination of such data processing, and/or the deletion of such processed data;

data controller (Infotv.): a natural or legal entity or organization with no legal personality who/that determines the purpose of processing the data in question independently or together with others, makes the decisions regarding processing (including the equipment used), and executes such decisions or ensures that the data processor executes them;

data controller (GDPR): means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

data processing (Infotv.): any individual transaction or the totality of transactions performed on data regardless of the procedure applied including in particular their collection, selection, recording, systemization, storage, modification, use, query, transfer, public disclosure, harmonization, or linking, blocking, deletion and destruction, and prevention of further use of data, creation of photograph, recording voice or picture, or recording physical features (e.g. finger or palm print, DNS sample, iris pictures);

date processing (GDPR): means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transfer, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

data transfer: rendering the data accessible to a specific third party;

public disclosure: rendering the data accessible to anyone;

data deletion: rendering data unrecognizable in a way that their restoration should be no longer possible;

data marking: adding an identification mark to data with the purpose of distinguishing it;

data blocking: adding an identification mark to data with the purpose of restricting its processing permanently or for a set period of time;

data destruction: full physical destruction of the storage device containing the data;

data processing: performance of technical tasks associated to data processing operations regardless of the method and the equipment used or the location where such use takes place assuming that the technical task is performed on the data;

data processor (Infotv.): a natural or legal person or organization with no legal personality who or that processes data based on a contract including contracts concluded pursuant to a legislative provision;

data processor (GDPR): a natural or legal person, public authority, agency or any other organisation who/that processes personal data on behalf of the data controller;

third party (Infotv.): a natural or legal person, public authority, agency or an entity with no legal personality who/that is not identical with the data subject, the data controller or the data processor;

third party (GDPR): means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

3. The Provider as data controller (data, contacts, etc. of data controller)

Provider as data controller shall provide the following information/data pursuant to article 13 of GDPR:

Company name: KERINGATLAN Kft.

Registered office: 1025, Budapest Palatinus utca 1.

Website: www.ajka-crystal.com

Contact: Vincze Karina

E-mail: vincze.karina@ajkacrystal.hu

Data protection requests: if you have any questions or requests regarding data processing please send them by conventional or electronic mail to either of the above address (postal or electronic). We will send our response within no more than 30 days to the address of your choice.

Data processing: Provider does not employ a data processor for the purposes of data processing.

4. Data processing by Provider, data processing principles, the legal basis of data processing

4.1. Data processing by Provider, data processing principles 

The primary task of Provider as data controller is to define the set of personal data of natural and legal persons processed by him or her, and the way in which data are controlled, ensure compliance with data protection principles and data security requirements, prevent unauthorized access to and modification of data, and unauthorized public disclosure or use.

In order to perform his or her obligations set out in applicable legislative provisions Provider shall, with the consent given by User in accordance with the present Policy, and in regard to the services used by User record and store personal data given by User voluntarily following due information provided to the latter, with the purpose of using Provider’s services. Following the period specified in the present Policy, and in applicable legislation Provider shall ensure that personal data are automatically deleted. Personal data processed exclusively with the consent of User shall be immediately deleted by Provider at User’s request.

Provider must act in accordance with the requirements of good faith and integrity, in cooperation with the persons concerned. Provider must exercise his or her rights and perform his or her obligations in accordance with the intended purpose of such rights and obligations.

Personal data shall preserve its personal status throughout processing as long as it can be traced back to User. The relation with the User as data subject is restorable if Provider as data controller has the technical means required by such restoration.

Provider shall act with due diligence in processing, and storing personal data. In the areas of information security provider shall apply the most effective, and most recent equipment and procedures reasonably available. Provider shall protect the data by appropriate measures, especially against unauthorized access, modification, transfer, public disclosure, deletion, or destruction or inadvertent annihilation and damage, and against inaccessibility resulting from a change in the technology applied.

Provider must not obtain information of User’s bank card details.

Provider wishes to inform User that the system behind the service may contain links to websites not operated by Provider, and data protection rules on such other websites may differ from the data protection rules of the present Policy, and Provider shall not assume liability therefor.

Provider states that all data processing related to his or her activity complies with requirements set out in the present Policy and in applicable legislation.

4.1.1. Preliminary information 

The User must be informed clearly, in plain language, and in detail concerning all facts regarding the processing of his or her data including especially the purpose, and legal basis of such data processing, the identity of the person entitled to control and process the data, the time of such data processing, and whether the data controller processes the data of the data subject with the latter’s voluntary, and clear, and informed consent in to enable the data controller to perform a legal obligation applicable to data controller or to enable a third party to exercise his or her legitimate interest, and regarding who has right to access the data. Such information must also include the data subject’s rights and legal remedies related to data processing.

4.1.2. Specific purpose

Provider shall use personal data instrumentally required for providing his or her services exclusively for a given purpose, and processes such data in order to exercise a right, and perform an obligation.

In each case where Provider wishes to use the personal data provided for a purpose other than the purpose of the original collection, Provider must inform User of that intention, and obtain User’s prior express consent, and offer an opportunity of prohibiting such use.

4.1.2.1. The basic purposes of data processing

  • Identification of User as the party using the service, and maintenance of contact;
  • Performing the service that User wishes to use;
  • Processing, filing, and investigating complaints, reports, requests, etc.
  • Gaining effect to claims deriving from an existing legal relation 

4.1.3. Data processing principles in accordance with the GDPR 

Provider observes the following principles of controlling personal data as established in article 5 of GDPR:

  • lawfulness, fairness and transparency 
  • purpose limitation 
  • data minimisation 
  • accuracy
  • storage limitation 
  • integrity and confidentiality 
  • accountability 

4.2. The legal basis of data processing

The legal basis of data processing includes primarily article 5 of paragraphs a) and b) of Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Infotv), and the voluntary and clear consent of the data subject based on specific information pursuant to the GDPR, the requirement of performing a contract as well as the provisions of article 13/A of Act CVIII of 2001 on Certain aspects of electronic commerce and information society services.

Processing of personal data by Provider shall be lawful only if and to the extent that at least one of the following applies:

a) User has given consent to the processing of his or her personal data for one or more specific purposes;

b) processing is necessary for the performance of a contract to which User is party or in order to take steps at the request of User prior to entering into a contract;

c) processing is necessary for compliance with a legal obligation to which the Provider is subject; 

d) processing is necessary in order to protect the vital interests of User or another natural person; 

e) processing is necessary for the purposes of the legitimate interests pursued by the Provider or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child /GDPR article 6 paragraph (1)/.

4.3. The terms of providing consent

Where processing is based on consent, the Provider shall be able to demonstrate in case of doubt that User has consented to the processing of his or her personal data.

If the data subject's consent is given in the context of a written declaration which also concerns other matters, the request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language. Any part of such a declaration which constitutes an infringement of this Regulation shall not be binding.

The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. That must be brought to User’ attention before User gives his or her consent. Withdrawal of consent must be made equally easy to provision of consent. 

5. Personal data processed by Provider, the legal basis, purpose, mode, and duration of data processing with respect to the individual types of personal data 

Provider shall not verify personal data provided to it, and the person providing such data shall be exclusively liable for their validity. Upon providing his or her email address User shall assume liability for being the only person to use the service from that email address. If User provides personal data other his or her own, he or she shall be obliged to obtain the consent of the data subject.

In specific phases of using the website, and in the course of taking advantage of Provider’s services the following data will be processed:

5.1. Technical data

Automatically generated data of User’s computer upon visiting the website that are automatically logged upon signing on or signing off without specific statement or act by User. Such data shall not be linked with other personal User data subject to compulsory exceptions required by applicable legislation. Data are accessible exclusively for Provider.

During visiting the website some information will be recorded from the visitor’s computer. Visitor’s IP address, the name of the browser software used (e.g. Internet Explorer) as well as the web address of the site from which visitor lands on our site shall be recorded following notification, and will be stored until otherwise requested. The server will store such data for a maximum period of one month.

If such data cannot be traced back identifiably to a specific private individual, the process shall not qualify as the processing of personal data.

5.2. Cookies

Upon visits to our website Website store one or several cookie on User’s computer required for the appropriate operation of the website and the related services.

For more information and our cookie policy please click HERE.

5.3. Data processing related to newsletters containing / not containing advertisements

Under article 6 of Act XLVIII of 2008 on the Essential conditions of and certain limitations to business advertising activity User may give his or her prior and express consent to receiving Provider’s messages containing commercial offers or other mail, and contact User  at the contacts provided on registration, and – bearing in mind the provisions of the present Policy – may also agree that Provider should process his or her personal data required by sending commercial offers.

If User subscribes to Provider’s newsletter on the website also containing advertisements, he or she thereby voluntarily consents to the processing of the following of his or her personal data:

  • E-mail address

The purpose of data processing: maintenance of contact, sending of electronic mail to User, updates concerning products, discounts, new functions, etc.

Mode of data processing: recording, storage

Data subjects: Users who subscribe to the newsletter by providing their email address

Duration of data processing: In regard to newsletters Provider shall process User’s data provided upon subscribing to the newsletter until User unsubscribes from the newsletter by clicking the sign ‘unsubscribe’ at the bottom the newsletter or requests by email or conventional mail to be deleted from the subscription list. In the event of a request to unsubscribe Provider shall delete all personal data necessary to send advertisement or newsletters from his or her files, and discontinues to contact User with further advertisement or newsletters. Otherwise the period of data processing shall be 36 months.

Processing email addresses serves the purpose primarily of identifying User, performing orders, and maintaining contact while using the services, so emails are sent mostly for that purpose. Provider monitors with special attention the legitimacy of the use of email addresses processed by him or her, thus he or she will only use them for e-mailing in the manner specified in the present paragraph (information or advertisements).

In the event of changes in Provider’s services or in the GCTC Provider sends information concerning such changes or concerning Provider’s other similar services to Users in certain cases electronically (by email). However, Provider shall not use these notifications for commercial purposes.

5.4. Registration in the Webshop, performing orders

Provider shall be entitled to use data made available by Webshop customers (hereinafter: Buyer) for the following purposes:

  • perform the order,
  • invoicing,
  • delivering the product,
  • maintain contact with regard to the purchase,
  • complaint processing,
  • document the creation of the contract/order and its terms

Set of data processed: name, delivery address and/or invoice address, phone number, products ordered

Mode of data processing: recording, storage

Data subjects: Customers who registered with the purpose of purchasing, and actually purchased

Legal basis of data processing: Consent of Customers’s legitimate interest in performing the contract

Duration of data processing: Processing of personal data compulsorily provided upon registration or ordering begins by voluntary provision of data, and lasts until such data are deleted at specific request. In the case of non-compulsory data, processing begins with the provision of the data, and lasts until such data are deleted at specific request. In the case of an order the deadline of the lapsing of civil law claims associated to the order is the processing of data.

In the course of data processing all data necessary for delivering the products (name, address) will be handed over to the courier service (currently: TNT).

6. Data transfer, data processing

It is primarily Provider, and Provider’s employees, and appointees that are entitled to access data processed by Provider; such access shall take place only in line with Provider’s instructions, guidance, control, and supervision, and shall be subject to confidentiality obligations, and such employees, and appointees shall not make that data public, and shall not transfer it to third parties. Provider shall transfer personal data to third parties apart from those listed in the present section only with User’s clear consent provided voluntarily based on specific information except for possible statutorily required data transfer.

Transfers:

  • our Webshop runs on Shopify webstore software, thus its Users are subject to the data processing policy of Shopify Inc. available at the following address: https://www.shopify.com/legal/privacy
  • to label the package we use the ShippyPro application during the use of which the data processing policy of ShippyPro by Italian Valley Srls (Registered office address: Via Ricasoli 9 Firenze (Italy) applies to Users available at the following address: https://www.shippypro.com/privacy.html
  • data necessary to deliver the products (name, address) will be transferred to the courier service (currently TNT); the data processing policy of the courier service is available at the following address: https://www.tnt.com/express/hu_hu/site/privacy-policy.html

Provider shall be entitled and obliged to transfer all available personal data lawfully stored by him or her to the competent authority whose transfer is his or her obligation pursuant to legislative provision or legally effective regulatory or judicial resolution or decision. Provider shall not be held accountable for transferring such data, or for any consequence thereof.

Provider reserves the right to employ a data processor based on an open-ended or per-assignment service contract. On-going data processing may be required mostly in processing the paperwork related to client contact management, services, performing obligations, and operating the IT system (e.g. system administrator). Hiring a data processor shall be subject to Act CXII of 2011 on Informational Self-Determination and Freedom of Information along with the relevant provisions of GDPR. Hiring a data processor shall be allowed exclusively on the basis of a written contract that contains all the statutory content elements.

The data processor’s rights and obligations associated with the processing of personal data shall be determined by Provider subject to applicable legislation. Provider shall be responsible for the legitimacy of instructions concerning data processing operations.

The data processor shall be responsible, within his or her job description, and within the limits set by data controller for processing, modifying, deleting, transferring, and disclosing personal data. In performing his or her task, the data processor shall not employ other data processors.

The data processor shall not make independent decisions on major issues of data processing, and must process personal data brought to his or her attention exclusively in accordance with Provider’s instructions, and shall not process data for his or her personal purposes, and shall also store, and retain personal data in accordance with Provider’s instructions.

Provider must negotiate a contract that contains guarantees, and organizational as well as technical measures to ensure that the rights of data subjects should not be harmed as a result of the data processor’s activity, and that the data processor can only have access to personal data if such are indispensable for his or her work.

7. Data security

Provider shall plan and implement data processing operations to ensure the protection of the privacy of Users, and all data subjects.

Provider and perhaps the data processor appointed by him or her as part of his or her job description shall ensure that data are safe, and must take the technical, and organizational measures, and lay down the procedural rules that are required to implement applicable legislative rules.

Data need to be protected by appropriate measures especially against unauthorised access, modification, transfer, disclosure, deletion, or destruction, and also against inadvertent annihilation, damage, and becoming inaccessible due to a change in the technology applied.

Appropriate technical solution must be found to ensure that electronic files managed in a variety of filing systems are protected so that data stored in such filing systems should not be possible to directly link, and trace back to Users unless permitted by legislation.

Upon determining and applying measures to serve data security Provider and data processors shall take into account most recent available technology. From among several possible data processing techniques the one offering a higher level of protection to personal data must be used, except if that would imply a disproportionately great difficulty to data processors.

7.1. Data stored on IT networks

Provider shall, as part of his or her tasks related to IT protection ensure in particular:

  • that there are measures to ensure protection against unauthorized access, more specifically the protection of software and hardware tools, and physical protection (access protection, network protection);
  • measures to ensure restoral of files, more specifically regular backups, and the separate, safe processing of copies (mirroring, running scheduled backups)
  • Action to protect files and/or the physical media on which they are stored, more specifically protection against fire, water, lightning, other natural disasters, and the possibility of restoral after damage was caused by these events (archiving, fire protection).

7.2. Protection against viruses

Networks on which personal data are processed must constantly be protected against viruses.

7.3. Access protection

Provider operates the electronic registration system through an IT program developed specially for this purpose, which complies with data security standards. The program ensures that access to the system should be subject to a specific purpose, and take place under controlled circumstances, and exclusively by such persons as need them to access them as part of their work.

Provider shall endeavor to apply the principle of data minimisation so that some employees, and other persons acting under Provider’s supervision can have access only to whatever personal data they need.

7.4. Paper based data processing 

Provider shall take the necessary measures to ensure paper based records are protected especially as regards physical safety, and fire protection.

Employees, and other persons acting in the interest of Provider shall keep safely the electronic media used or possessed by them containing also personal data regardless of the manner in which data was saved on them, and must protect them against unauthorized access, modification, transfer, disclosure, deletion or destruction, and inadvertent destruction as well as damage.

The following measures must be taken to ensure safety of these data:

  • Fire protection, and protection of physical property: paper documents must be stored in a properly lockable room equipped with protection against fire, and property damage.
  • Access protection: Only competent clerical staff, and their supervisors are allowed access to documents processed.

8. Security breach

Provider must report all security breaches no later than 72 hours of such news being brought to his or her attention to the data protection authority and to the persons concerned by such security breach except if such security breach is unlikely to cause threat to the rights and freedom of natural persons.

9. Filing systems

Provider maintains files of all data processed by him or her.

10. Rights of User, enforcement of rights, damages

Provider shall assist Users in exercising his or her rights.

11. Rights of User

11.1. Right to transparent provision of information and communication

User shall be entitled to request and receive concise, clear, intelligible, and easily accessible information of the processing of his or her personal data. Provider shall give such information to User in writing or otherwise including electronic channels free of charge, without undue delay but latest within a month of receipt of such request. Information provided may be also oral if so requested by User assuming that the personal identity of the data subject has been otherwise documented.

Provider shall inform User of the measures taken following learning the content of User’s request.

11.2. Right of access

User shall be entitled to received information from Provider on whether User’s personal data are being processed, and if so, User shall be entitled to access to such personal data, and receive information concerning the objective of such data processing, the categories of personal data involved, the list of persons to whom the personal data have been disclosed, the duration of data processing, the rights of User including the right of complaint.

Provider shall make a copy of personal data processed available to User. For further copies requested by User Provider may charge a reasonable fee based on administrative costs. If User has submitted the request electronically, information must be made available in widely used electronic format except if the data subject otherwise requests.

The right to request a copy shall not exert an unfavourable effect on other peoples’ rights and responsibilities.

11.3. Right to rectify

User shall be entitled to have his or her inaccurate personal data referring to him or her rectified without undue delay by Provider. Taking into account the objective of data processing User shall be entitled to request complementation of deficient personal data using a complementation statement among others.

11.4. Right to be forgotten

User shall have the right to obtain from Provider the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; 

b) User withdraws consent on which the processing is based, and there is no other legal ground for the processing; 

c) User objects to the processing, and there is no legitimate priority reason for data processing; 

d) the personal data have been unlawfully processed;

e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

f) the personal data have been collected in relation to the offer of information society services

11.5. Right to the restriction of processing

User shall have the right to obtain from the Provider restriction of processing where one of the following applies: 

a) the accuracy of the personal data is contested by the data subject, for a period enabling Provider to verify the accuracy of the personal data; 

b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; 

c) Provider no longer needs the personal data for the purposes of the processing, but they are required by User for the establishment, exercise or defence of legal claims; 

d) User has objected to processing; in that case restriction applies pending the verification whether the legitimate grounds of Provider override those of the data subject.

11.6. Right to data portability

User shall have the right to receive the personal data concerning him or her, which he or she has provided to Provider, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

a) the processing is based on consent or a contract; and

b) the processing is carried out by automated means.

In exercising his or her right to data portability, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

11.7. Right of objection

User shall be entitled to object the use of his or her personal data if these are used exclusively to ensure a legal obligation applicable to Provider or to gain effect to a legitimate interest of Provider or if the purpose of data processing is direct business generation, public opinion poll or scientific research.

If User should object the use of personal data with the purpose of direct business generation, such personal data must not be used for that purpose in the future.

User’s attention must be called specifically to the right of objection upon the first contact, and the relevant information must be provided clearly, and set apart from any other information.

12. Enforcement of rights

12.1. Complaint

In the event of Provider’s possible breach of law User may file a complaint with the Hungarian National Authority for Data Protection and Freedom of Information:

National Authority for Data Protection and Freedom of Information

1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Correspondence address: 1530 Budapest, P.O Box: 5

Phone: +36 -1-391-1400

Facsimile: +36-1-391-1410

E-mail: ugyfelszolgalat@naih.hu

12.2. Initiating a judicial proceeding

If User disagrees with any of Provider’s decisions, or measures, he or she may file a suit within 30 days of its communication or bringing such decision or measure to User’s attention. The court shall hear the case out of turn.

Adjudicating the case shall belong in the competence of the tribunal. The lawsuit may be begun before the tribunal of the data subject’s permanent or temporary residence depending on the data subject’s decision.

Persons otherwise not having legal capacity may also be parties to the suit. The Authority may intervene in the lawsuit to promote the data subject’s success.

If the court grants the claim it will oblige the data controller to provide information, rectify,  the data, block, delete the data, destroy the decision made through automated data processing, and to respect the data subject’s right of objection, and to issue the data requested by the data recipient.

If the court refuses the recipient’s claim, the data controller shall delete the data subject’s personal data and/or health data within 3 days of the communication of the ruling. Data controller shall also delete such data, if data recipient fails to turn to court within the deadline set.

The court may order the publication of the ruling including data processor’s ID data if the rights of data protection, and of a larger number of data subjects so require.

12.3. Damage compensation

Provider must compensate for the damage caused by the illegal processing or User’s data, or the infringement of the requirements of data security. As opposed to User, Provider shall be responsible also for the damage caused by the data processor. Provider shall be exempt from under liability if he or she manages to prove that the damage was caused by an unavertable fact outside of the area of data processing.

In the event that the damage was caused by victim’s intentional or grossly negligent behavior the damage does not need to be compensated.

13. Miscellaneous provisions 

The present data protection policy shall enter into effect on 1 February 2019, and remain in effect until repealed.

The present data protection policy shall be continuously accessible on the website of www.ajka-crystal.com.

Provider shall be entitled to amend the Data Protection Policy unilaterally. Provider shall notify User of such amendment by publishing it at www.ajka-crystal.com.

User shall accept the entry into force of the amended Data Protection Policy by his or her first use of the services following such amendment of the website.