Barion Pixel

Privacy Policy

Privacy Policy

“LAVINA” Kereskedelmi, Vendéglátóipari és Élelmiszer Ipari Korlátolt Felelősségű Társaság (hereinafter: “the Company”) operates the website www.lavinapekseg.hu (hereinafter: “the Website”). Through its operation of the Website, the Company processes personal data of natural persons who provide personal data to the Company, visit the Website, register on it, or otherwise submit personal information (hereinafter: “Data Subjects”). In connection with data processing, the Company hereby informs Data Subjects about the personal data processed under the circumstances described above, the principles and practices it follows in processing, and the legal rights available to Data Subjects. By giving consent, the Data Subject accepts this Privacy Policy and agrees to the data processing activities specified below. In cases where processing is based on consent, such consent is always voluntary and may be withdrawn at any time by emailing paks@lavinakft.hu or by sending a withdrawal request to the Company at 7030 Paks, Tolnai út 2. This notice is issued in accordance with Act CXII of 2011 on informational self‑determination and freedom of information (“Infotv.”) and Regulation (EU) 2016/679 of the European Parliament and the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, “GDPR”)

Section I.

1.1. Data Controller

  • Company name: “LAVINA” Kft.

  • Registered address: Tolnai út 2., 7030 Paks, Hungary

  • Company registration number: 17‑09‑001972

  • Tax number: 11284657‑2‑17 

1.2. Web Hosting Provider

  • Name: Infornax Szövetkezet

  • Registered address: József Attila utca 9, 8200 Veszprém, Hungary

  • Phone: +36 88 591 100

  • Email: info@infornax.hu 

1.3. Legal Basis

This Policy is prepared in compliance with:

  • the Fundamental Law of Hungary (April 25, 2011),

  • Act CXII/2011 (“Infotv.”),

  • Regulation (EU) 2016/679 (GDPR),
    and relevant Hungarian statutes including the Civil Code, Electronic Signature Act, Labour Code, and other acts related to identification, public data reuse, data protection, administrative procedures, and public data accessibility 

Definitions

Includes definitions of key terms such as: data carrier, personal data, special categories of personal data, genetic data, biometric data, health data, business secret, data register, data asset, affected person (Data Subject), data processing, third party, data protection, data breach, confidentiality breach, access or integrity incidents, data handling, controller, data transfer, data deletion, restriction, DPI officer, profiling, cookies, etc. ‒ all translated in legal compliance with GDPR requirements

Section II.

Rules of Data Processing

2.1. Principles

  • Everyone has the right to protection of personal data and access to public information as guaranteed by the Fundamental Law.

  • GDPR and Infotv. define overarching legal concepts, principles and limitations.

  • Data processing is limited to clear, lawful, purpose‑specific, and minimal data that is relevant and retained for the minimum necessary time. Processing must be fair, lawful and transparent.

  • Accuracy, completeness and up-to-dateness of personal data must be ensured; data must be protected with appropriate technical and organizational measures.

  • Data subjects must be informed if inaccurate, incomplete or outdated data is identified, and such data must be corrected.

  • When the purpose of processing ceases or processing becomes unlawful, data must be deleted, and retention must be regularly reviewed.

  • Disclosure of personal or business secret data to third parties is forbidden unless required by law or with explicit consent.

  • For any outsourced data processing by external parties, the Company ensures confidentiality agreements are signed.

  • If possible, personal data processing should be avoided, and if unavoidable, the Company must prove compliance with the above principles through appropriate procedures and documentation.

  • Data protection tasks are strictly defined by both the law and this Policy. 

2.2. Purpose and Legal Grounds

The purposes of data processing include:

  • compliance with legal obligations,

  • performance of contractual obligations,

  • communication with business partners,

  • potential partner identification, etc.

Legal grounds for data processing:

  • explicit consent of the Data Subject,

  • necessary for contract performance,

  • required by law,

  • legitimate interests of the Controller or third parties, balanced against Data Subjects’ rights.

2.3. Categories of Processed Data

  • The Controller declares that no special categories of personal data under GDPR Art. 9 are processed; any such data received will be immediately deleted.

  • Accuracy of personal data is the responsibility of the Data Subject.

  • Data are processed on the basis of contract and retained until the contractual relationship ends.

  • The Company provides complaint-handling contact information on the Website.

  • Visitor data may be logged to ensure service functionality and abuse prevention; cookies may be issued for audit and traffic analysis; users may disable cookies at any time. The Company does not operate newsletter services.

2.4. Access, Sharing and Transfers

Data access is limited to authorized staff and contracted service providers. Personal data may be transferred to third parties only if legally required or with the Data Subject’s consent.

2.5. Transparency and Communication

Data Subjects receive concise, transparent and easily accessible information about:

  • the Controller’s identity,

  • processing purposes,

  • legal bases,

  • retention periods,

  • data categories,

  • any transfers,

  • Data Subject rights,

  • contact details of the Data Protection Officer (if appointed),

  • consequences of refusal to provide data, etc.

If data is later processed for a different purpose, Data Subjects will be informed in advance.

2.6. Rights of Data Subjects

Under GDPR, Data Subjects have the right to request:

  • information and access to their personal data,

  • correction or completion of data,

  • deletion or restriction (except for mandatory legal processing),

  • objection to processing,

  • judicial review of decisions. 

All requests must be sent to the Data Protection Officer, who processes or forwards them within one month (30 days) in plain language. Refusal must be justified legally and communicated to the Data Subject.

2.7. Rejection Procedure

If a request for correction, restriction or deletion is denied, the Company must notify the Data Subject in writing within one month, explaining factual and legal reasons. The Data Subject is informed of enforcement options, including court or supervisory authority appeals. The Company must report denials to the supervisory authority by January 31 of the following year.

2.8. Legal Remedies

Data Subjects may file civil actions in court for violations of data protection rights. Cases are handled urgently. The court jurisdiction is either the Company’s registered seat or the Data Subject’s residence. The Company bears the burden of proof that data processing complies with the law.

2.9. Data Transfers

Transfers to third parties are allowed only if:

  • required by law, or

  • authorized by the Data Subject.
    All transfers must be documented to demonstrate legal compliance.