Privacy Policy and Notice

Králik and Tsa Kkt.

Introduction

Králik és Tsa Kkt. (hereinafter: Service provider, data manager) submits to the following information.

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL On the protection of natural persons with regard to the processing of personal data and on the free flow of such data and on the repeal of Regulation 95/46/EC (General Data Protection Regulation) (April 2016) 27.), we provide the following information.

This data management information sheet regulates the data management of the following pages:

The data management information is available from the following page: link

Amendments to the prospectus will take effect upon publication at the above address.

The data controller and its contact details:

Name: Králik and Tsa Kkt.

Headquarters: 2600 Vác, Naszály út 2.

Email: cralusso@cralusso.com

Phone: 06-27-304-327

web: www.cralusso.com

Contact details of the data protection officer:

Name: Károly Králik

Headquarters: 2600 Vác, Naszály út 2.

Email: cralusso@cralusso.com

Telephone: 06-27-304-327

Concept definitions

"personal data": any information relating to an identified or identifiable natural person ("data subject"); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable;

"data management": any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or otherwise by making available, coordinating or connecting, limiting, deleting or destroying;

"data controller": the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others; if the purposes and means of data management are determined by EU or member state law, the data controller or the special aspects regarding the designation of the data controller may also be determined by EU or member state law;

"data processor": the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller;

"recipient": the natural or legal person, public authority, agency or any other body to whom or to which the personal data is communicated, regardless of whether it is a third party. Public authorities that have access to personal data in accordance with EU or member state law in the context of an individual investigation are not considered recipients; the management of said data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of data management;

"consent of the data subject": the voluntary, specific and clear declaration of the will of the data subject based on adequate information, with which the data subject indicates by means of a statement or an act clearly expressing the confirmation that he gives his consent to the processing of personal data concerning him;

"data protection incident": a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise handled.

Principles for handling personal data

Personal data:

its handling must be carried out legally and fairly, as well as in a transparent manner for the data subject ("legality, fair procedure and transparency");

should only be collected for specific, clear and legitimate purposes, and should not be handled in a way that is incompatible with these purposes; in accordance with Article 89 (1), further data processing for the purpose of archiving in the public interest, for scientific and historical research purposes, or for statistical purposes is not considered incompatible with the original purpose ("purpose limitation");

they must be appropriate and relevant for the purposes of data management and must be limited to what is necessary ("data economy");

they must be accurate and, where necessary, up-to-date; all reasonable measures must be taken to promptly delete or correct personal data that is inaccurate for the purposes of data management ("accuracy");

its storage must take place in a form that allows the identification of the data subjects only for the time necessary to achieve the goals of personal data management; personal data may only be stored for a longer period if the personal data