BA-HA-MA’S Élelmiszer nagykereskedelmi Korlátolt Felelősségű Társaság (BA-HA-MA’S Ltd.)
BA-HA-MA’S Ltd. Data protection notice for customers
BA-HA-MA’S Ltd.
BA-HA-MA’S Ltd. (hereinafter referred to as BA-HA-MA’S Ltd., service provider, data controller, Company) acknowledges the content of this legal notice as binding on itself.
The Company commits to ensuring that all data management related to its activities complies with the expectations defined in this policy and the applicable legislation.
BA-HA-MA’S Ltd. is the operator of the website https://www.bahamas.hu/.
BA-HA-MA’S Ltd. reserves the right to change this notice at any time. Of course, any changes will be communicated in a timely manner.
BA-HA-MA’S Ltd. is committed to protecting the personal data of its customers and partners, and considers the respect of its customers' right to informational self-determination as paramount. The Data Controller treats personal data confidentially and takes all security, technical, and organizational measures that guarantee data security.
BA-HA-MA’S Ltd. outlines its data management principles below and presents the expectations it has set for itself as a data controller, which it adheres to. Its data management principles are in line with the applicable data protection laws, including but not limited to:
Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information;
Act V of 2013 on the Civil Code (Ptk.);
Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (Grt.);
Act CVIII of 2001 on Electronic Commerce and on Information Society Services (Ekertv.);
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: “GDPR”).
Company Details:
We inform you that BA-HA-MA’S Ltd.
The following information is provided regarding our data processing activities.
4.1. Request for Quotation, Direct Inquiry
Interested parties have the opportunity to make direct inquiries to our Company by sending an electronic mail to the Company's address (rendeles@bahamas.hu) or by phone.
Purpose of Data Processing:
To maintain contact with the data subject and to promote closer and more effective communication and cooperation between the data subject and our Company.
Legal Basis for Data Processing:
Legitimate interest – GDPR Article 6(1)(f)
Scope of Personal Data Processed:
Name of the requester/contact person; email address, phone number, and any other information provided by the data subject.
Duration of Data Processing:
Until the validity of the offer or until the data subject objects.
Recipients of Personal Data:
The data controller does not transfer the acquired data to third parties, except for the data processors mentioned in point 7. Only the data controller's employees and the designated colleagues of the data processor(s) can access the recorded data.
Indication of Legitimate Interest:
The legitimate interest of our Company is the processing of the data subject’s data for direct business acquisition.
Data Subjects Affected by Data Processing:
Partners and data subjects directly interested in the Company's services (e.g., via email, phone).
4.2. Request for Quotation, Inquiry via the Website [http://www.bahamas.hu/ujkapcsolatoldal.html]
Our company provides the opportunity for interested parties to request quotes and inquire about our company's products and services electronically.
Purpose of Data Processing:
To maintain contact with the data subject and to promote closer and more effective communication and cooperation between the data subject and our Company.
Legal Basis for Data Processing:
The data subject’s voluntary consent – GDPR Article 6(1)(a). By ticking the checkbox on the website, the data subject gives their voluntary consent to the processing of their personal data.
Scope of Personal Data Processed:
Name of the inquirer, email address, and other information provided by the data subject (under message).
Duration of Data Processing:
Until the validity of the offer or until the consent is withdrawn.
Recipients of Personal Data:
The data controller does not transfer the acquired data to third parties, except for the data processors mentioned in point 7. Only the data controller's employees and the designated colleagues of the data processor(s) can access the recorded data.
Data Subjects Affected by Data Processing:
Partners and data subjects interested in the Company's services and products via the website.
4.3. Data Processing Related to Follow-up on Requests for Quotations
Purpose of Data Processing:
The legitimate interest of the data controller in keeping the data of the data subject beyond the validity period of the quotation for the purpose of direct business acquisition.
Legal Basis for Data Processing:
Legitimate interest of the data controller, GDPR Article 6(1)(f).
Scope of Personal Data Processed:
Contact person's last name and first name; phone number; email address.
Recipients of Personal Data:
The data controller does not transfer the acquired data to third parties, except for the data processors mentioned in point 7. Only the data controller's employees and the designated colleagues of the data processor(s) can access the recorded data.
Duration of Data Processing:
Until the data subject objects.
Indication of Legitimate Interest:
Establishing business relationships with partners, accurate information and notification to the data subjects. The legitimate interest of our Company in processing the data of the data subject for direct business acquisition.
Data Subjects Affected by Data Processing:
Recipients of quotations previously issued by the Company, including the contact person(s) listed therein.
4.4. Product Ordering
Purpose of Data Processing:
The processing and recording of data necessary for the fulfillment of the contract/order.
Legal Basis for Data Processing:
Contract/order fulfillment – GDPR Article 6(1)(b).
Scope of Personal Data Processed:
Duration of Data Processing:
8 years following the completion of the order.
Recipients of Personal Data:
The data controller does not transfer the acquired data to third parties, except for the data processors mentioned in point 7. Only the data controller's employees and the designated colleagues of the data processor(s) can access the recorded data.
Possible Consequences of Failure to Provide Data:
If data is not provided, it may result in the inability to establish a contract and place a product order between the data subject and our Company. Providing data is a prerequisite for entering into the contract.
Data Subjects Affected by Data Processing:
Partners placing orders with BA-HA-MA’S Ltd. (via email, phone), data subjects (placing orders is only possible after prior registration).
4.5. Processing Contact Person Data in Client Contracts (in case of contracts with legal entities)
Purpose of Data Processing:
To handle contact information in contracts concluded with clients; to facilitate quick, accurate, and efficient communication with the client.
Legal Basis for Data Processing:
Legitimate interest – GDPR Article 6(1)(f).
Scope of Personal Data Processed:
Contact person's name, corporate email address, phone number.
Duration of Data Processing:
8 years following the termination of the contract.
Recipients of Personal Data:
The data controller does not transfer the acquired data to third parties, except for the data processors mentioned in point 7. Only the data controller's employees, the designated colleagues of the data processor(s), and the contractual client’s relevant employees can access the recorded data.
Indication of Legitimate Interest:
The legitimate interest of our Company in managing the data of the contact person in client contracts (name, corporate email address, phone number). The ability to communicate with the contact person on the specified communication channels for the fulfillment of the contract.
Data Subjects Affected by Data Processing:
The data subjects specified in the contract concluded between the Company and the client.
4.6. Processing Client Data in Contracts with Individual Entrepreneurs
Purpose of Data Processing:
To handle contact information in contracts concluded with individual entrepreneurs, ensuring the effective management of the company's accounts receivable processes.
Legal Basis for Data Processing:
Legitimate interest – GDPR Article 6(1)(f).
Scope of Personal Data Processed:
Individual entrepreneur: mother's name, birth name, place of birth, date of birth.
Duration of Data Processing:
8 years following the termination of the contract.
Recipients of Personal Data:
The data controller does not transfer the acquired data to third parties, except for the data processors mentioned in point 7. Only the data controller's employees, the designated colleagues of the data processor(s), and the contractual client's relevant employees can access the recorded data.
Indication of Legitimate Interest:
The legitimate interest of our Company in managing the data of the client in contracts with individual entrepreneurs (mother's name, birth name, place of birth, date of birth). These data are necessary for submitting potential payment reminders – for individual entrepreneur clients.
Data Subjects Affected by Data Processing:
Data subjects specified in the contract concluded between the Company and the client (only individual entrepreneurs).
4.7. Newsletter Registration
Purpose of Data Processing:
Sending email newsletters containing commercial advertisements to interested parties, providing information on current updates.
Legal Basis for Data Processing:
The data subject’s prior, voluntary consent – GDPR Article 6(1)(a). By checking the checkbox on the website, the data subject voluntarily consents to the processing of their personal data. In the case of paper-based consent, the data subject gives their voluntary consent by signing the "Consent Statement."
Scope of Personal Data Processed:
Name, email address, signature (only for paper-based consent).
Duration of Data Processing:
Until the consent is withdrawn or the data subject unsubscribes from the newsletter.
Recipients of Personal Data:
The data controller does not transfer the acquired data to third parties, except for the data processors mentioned in point 7. Only the data controller's employees and the designated colleagues of the data processor(s) can access the recorded data.
Data Subjects Affected by Data Processing:
Partners and data subjects who subscribe to the Company's electronic newsletter.
Withdrawal of Consent:
The Company treats data as confidential and handles it according to the consent withdrawal. Based on the withdrawal of consent, the processed data will be deleted from the newsletter database within a maximum of 7 days, after which no newsletters will be sent.
Unsubscribing from the Newsletter:
Data subjects can unsubscribe from the newsletter by sending an email to bahamas1@invitel.hu, making a recorded phone call, or clicking on the unsubscribe link in the newsletter.
Data Subjects Affected by Data Processing:
Partners who register for the Company's electronic newsletter.
4.8. Webshop Registration (http://www.bahamas.hu/regisztracio.html)
Purpose of Data Processing:
Interested parties have the opportunity to place orders through the webshop operated by the Company. The use of the webshop requires registration. During the registration, the data subject creates their own account.
Purpose of Data Processing:
To keep records of orders, distinguish them from each other, and fulfill the orders.
Legal Basis for Data Processing:
Voluntary consent – GDPR Article 6(1)(a). By checking the checkbox on the website, the data subject voluntarily consents to the processing of their personal data.
Scope of Personal Data Processed:
Duration of Data Processing:
Until the consent is withdrawn or the data subject's account is deleted.
Recipients of Personal Data:
The data controller does not transfer the acquired data to third parties, except for the data processors mentioned in point 7. Only the data controller's employees and the designated colleagues of the data processor(s) can access the recorded data.
Data Subjects Affected by Data Processing:
Data subjects who create an account in the BA-HA-MA’S Ltd. webshop.
4.9. Data Processing Related to the Use of Webshop Services
Purpose of Data Processing:
To provide webshop services to the data subjects or the organizations they represent, allowing them to manage their purchases.
Legal Basis for Data Processing:
Contract/order fulfillment – GDPR Article 6(1)(b).
Scope of Personal Data Processed:
Duration of Data Processing:
Until the termination of the contract or the deletion of the user profile by the data subject.
Recipients of Personal Data:
The data controller does not transfer the acquired data to third parties, except for the data processors mentioned in point 7. Only the data controller's employees and the designated colleagues of the data processor(s) can access the recorded data.
Possible Consequences of Failure to Provide Data: If data is not provided, the user will not be able to use the Webshop service. Providing data is a prerequisite for using the service.
Data Subjects Affected by Data Processing:
Data subjects who use the E-Shop application.
4.10. Ordering through the Webshop
Purpose of Data Processing:
Interested parties have the opportunity to place orders through the webshop operated by the Company.
Purpose of Data Processing:
To process the data necessary for the fulfillment of subscriptions or orders.
Legal Basis for Data Processing:
Contract/order fulfillment – GDPR Article 6(1)(b).
Scope of Personal Data Processed:
8 years following the completion of the order.
Recipients of Personal Data:
The data controller does not transfer the acquired data to third parties, except for the data processors mentioned in point 7. Only the data controller's employees and the designated colleagues of the data processor(s) can access the recorded data.
Possible Consequences of Failure to Provide Data
If data is not provided, it is not possible to establish a contract or place a product order between the data subject and our Company.
Providing data is a prerequisite for entering into the contract.
Data Subjects Affected by Data Processing:
Partners and data subjects who place orders through the webshop for BA-HA-MA’S Ltd.
4.11. Issuing Invoices (for Natural Persons)
Purpose of Data Processing:
Issuing invoices to the payer, fulfilling legal requirements.
Legal Basis for Data Processing:
According to legislation – 2000. Act C, Section 166 (1).
Scope of Personal Data Processed:
Duration of Data Processing:
Until the statutory retention period defined in the accounting law – 2000. Act C, Section 169 (2).
Possible Consequences of Failure to Provide Data:
Providing data is mandatory.
Recipients of Personal Data:
The data controller does not transfer the acquired data to third parties, except for the data processors mentioned in point 7. Only the data controller's employees and the designated colleagues of the data processor(s) can access the recorded data.
Data Subjects Affected by Data Processing:
Those data subjects to whom the data controller issues an invoice.
4.12. Operation of "Web Customer Service" (http://www.bahamas.hu/tanacsadas.html)
Purpose of Data Processing:
Our company provides an opportunity for interested parties to make inquiries electronically about our products and services.
Purpose of Data Processing:
To create a unified public information platform to assist data subjects and interested parties in obtaining information about the company's products and services.
Legal Basis for Data Processing:
The data subject’s voluntary consent – GDPR Article 6(1)(a).
Scope of Personal Data Processed:
Name of the inquirer, email address, and other information provided by the data subject (under message).
Duration of Data Processing:
Until the consent is withdrawn.
Recipients of Personal Data:
The information provided by the data subjects (only the text part of the message) will be published on the company's website, making it publicly accessible to everyone.
The acquired data (email address) will not be transferred to third parties, except for the data processors mentioned in point 7. Only the data controller's employees and the designated colleagues of the data processor(s) can access the recorded data.
Data Subjects Affected by Data Processing:
Partners and interested parties inquiring about the company's products and services through the website.
4.13. Telephone Customer Service
Purpose of Data Processing:
To enable telephone communication with the data controller for the user. Recording conversations for communication, orders, error, and complaint reporting purposes.
Legal Basis for Data Processing:
The data subject’s voluntary consent – GDPR Article 6(1)(a). The data controller informs the data subject at the start of the call about the recording and the availability of the data processing notice on www.bahamas.hu. By not terminating the call, the data subject gives their voluntary consent to the recording of the call.
Scope of Personal Data Processed:
Duration of Data Processing:
The data controller retains the data until the end of the year following the call initiation or until the data subject withdraws their consent.
Recipients of Personal Data:
The data controller does not transfer the acquired data to third parties, except for the data processors mentioned in point 7. Only the data controller's employees and the designated colleagues of the data processor(s) can access the recorded data.
Possible Consequences of Failure to Provide Data:
If the data is not provided, the data controller cannot accept the data subject's call.
Data Subjects Affected by Data Processing:
Data subjects who contact the data controller via phone.
4.14. Complaint Management, Warranty Administration
Purpose of Data Processing:
Investigation and resolution of complaints, and handling warranty claims in the case of complaint reports.
Legal Basis for Data Processing:
Legal obligation – GDPR Article 6(1)(c), fulfilling the obligations specified in the Consumer Protection Act and the Civil Code.
Scope of Personal Data Processed:
Name of the complainant, signature (in case of a paper-based complaint)
Personal data provided during the complaint/report
Duration of Data Processing:
According to the Consumer Protection Act, the data controller is required to retain the data and the related complaint letters for 5 years following the resolution of the complaint.
Recipients of Personal Data:
The data controller does not transfer the acquired data to third parties, except for the data processors mentioned in point 7. Only the data controller's employees and the designated colleagues of the data processor(s) can access the recorded data.
Possible Consequences of Failure to Provide Data:
If data is not provided, the data controller cannot manage the data subject’s complaints as providing data is mandatory.
Data Subjects Affected by Data Processing:
Data subjects who file complaints with the data controller.
4.15. Site Visit
Purpose of Data Processing:
To maintain food safety on the premises. This applies to visitors performing activities on the manufacturing areas of the site who are not employees.
Legal Basis for Data Processing:
Voluntary consent – GDPR Article 6(1)(a). The data subject gives their voluntary consent by filling out the statement.
Scope of Personal Data Processed:
Duration of Data Processing:
Until the consent is withdrawn, or one year after the visit, after which the data will be deleted.
Recipients of Personal Data:
The data controller does not transfer the acquired data to third parties, except for the data processors mentioned in point 7. Only the data controller's employees and the designated colleagues of the data processor(s) can access the recorded data.
Data Subjects Affected by Data Processing:
Visitors performing activities on the manufacturing areas of the site who are not employees.
4.16. Camera System
Purpose of Data Processing:
Cameras operated on the premises by the data controller for the personal and property safety of the data subjects and for other purposes.
Legal Basis for Data Processing:
Signs informing data subjects of the camera operation.
Scope of Personal Data Processed:
Activities related to the operation of the camera system are defined in the "Property Protection Camera Data Management Information" available at the premises.
4.17. Data Processing Related to IT Services Operation
4.17.1. Technical Data, Website Visit Data
Purpose of Data Processing:
The data controller does not combine the data collected during log file analysis with other information and does not aim to identify the data subjects. The data controller strives to identify the data subjects as little as possible from the collected data.
Scope of Personal Data Processed:
Date, time, IP address of the computer used by the data subject, visited page, data related to the visitor's navigation.
Purpose of Data Processing:
The data controller's system automatically records the IP address of the data subject's computer, the start time of the visit, and in some cases, the type of the browser and operating system depending on the computer settings. These data are stored for a maximum of 30 days, ensuring system security and preventing abuse.
4.17.2. Handling of Cookies
Purpose of Data Processing:
The data controller places small data packets called cookies on the data subject's computer for customized service and reads them during future visits. If the browser sends back a previously saved cookie, the cookie managing service provider can link the data subject's current visit to previous ones, but only concerning its content. Cookies specific to webshops include cookies used for password-protected sessions and security cookies.
Temporary (Session) Cookies:
Purpose of Data Processing:
These cookies ensure that the website operates more efficiently and securely, making them essential for certain functions or applications to work correctly.
Duration of Data Processing:
Active during the website visit and automatically deleted afterward.
Permanent (Persistent) Cookies:
Purpose of Data Processing:
Used to provide a better user experience (e.g., optimized navigation). These cookies are stored in the browser's cookie file for a longer period, depending on the browser settings.
Duration of Data Processing:
Stored in the browser's cookie file for an extended period.
Types of Cookies Used:
Scope of Data Processed:
Does not collect personal data.
Data Subjects Affected:
All data subjects visiting the website.
Purpose of Data Processing:
Differentiating data subjects, identifying their current session, storing data provided during the session, preventing data loss, managing the shopping cart (virtuemart), and ensuring proper navigation.
Duration of Data Processing:
Session cookies last until the end of the website visit, while other cookies last up to a maximum of 2 years.
Deleting Cookies:
The data subject has the right to delete cookies from their computer and can disable the use of cookies in their browser. This can typically be managed in the Tools/Settings menu under Privacy/History/Custom Settings, using terms like cookie, cookie, or tracking.
Third-Party Cookies:
The website may contain information, particularly advertisements, from third parties or advertising service providers not related to the data controller. These third parties may also place cookies, web beacons, or use similar technologies on the data subject's computer to collect data and send targeted advertisements related to their services. In such cases, the privacy policies defined by these third parties apply, and the data controller is not responsible for this data processing.
Any data processing not listed in this notice will be disclosed at the time of data collection. We inform our customers that authorities, public bodies, and courts may request personal data from our company. In such cases, our company will only disclose personal data to the extent necessary to fulfill the request, provided the requesting body specifies the exact purpose and scope of the data.
Our company does not transfer your personal data to third countries or international organizations.
The data controller transfers data to data processors contracted to fulfill the contract.
Categories of Recipients:
System administrator service providers, security service providers (handling audio and video recordings), server hosting, web hosting service providers, sales service providers, marketing consultants, business system developers, and delivery service providers.
The registry of data processors' contact details is available at the company's headquarters.
Our services are not intended for individuals under 16 years of age, and we request that individuals under 16 do not provide personal data to the data controller. If we become aware that we have collected personal data from a child under 16, we will take steps to delete the data as soon as possible, except for data processed under legal requirements.
Our company does not use automated decision-making in its data processing procedures.
Our company's IT systems and other data retention locations are located at our headquarters and on servers provided by the data processor. We select and operate IT tools used for personal data processing during service provision to ensure that the processed data is accessible only to authorized persons (availability); its authenticity and authentication are ensured (data processing integrity); its integrity is verifiable (data integrity); and it is protected against unauthorized access (data confidentiality).
We pay special attention to the security of data and take necessary technical and organizational measures to ensure the guarantees provided by the GDPR. We protect the data, particularly against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, and accidental destruction, damage, or loss of access due to changes in the technology used.
Both our company's and our partners' IT systems and networks are protected against computer-supported fraud, computer viruses, computer intrusions, and denial-of-service attacks. The operator ensures security with server-level and application-level protection procedures. Daily backups of data are in place. In case of data protection incidents, we take all possible measures to minimize risks and eliminate damages following our incident management policy.
The data subject can request information about their personal data processing and request correction, deletion, or restriction of processing, except for mandatory data processing, and exercise their right to data portability and objection as indicated at the time of data collection or through the contact details provided above.
The data subject's rights and remedies are detailed in Act CXII of 2011 and EU Regulation 2016/679, as follows:
Right to Information (Right of Access):
Upon request, the data controller provides information about:
Information is provided free of charge if the request pertains to the same data set as a previous request within the same year. In other cases, a fee may be charged. If data processing is unlawful or the request leads to correction, the fee will be refunded.
The data controller must refuse to provide information in specific cases under Act CXII of 2011, including:
If the request is based on a law, international treaty, or mandatory legal act of the European Union that restricts the data subject's rights or data processing.
For the external and internal security of the state, including defense, national security, crime prevention, or prosecution, correctional security, state or municipal economic or financial interests, significant economic or financial interests of the European Union, and to prevent or uncover disciplinary and ethical violations, employment and labor law violations, and other oversight and supervisory activities to protect the rights of the data subject or others.
The data controller must notify the National Authority for Data Protection and Freedom of Information annually about refused information requests by January 31 of the following year.
Right to Rectification:
The data subject has the right to request that the data controller correct any inaccurate personal data concerning them without undue delay. Considering the purpose of data processing, the data subject has the right to request the completion of incomplete personal data, including through a supplementary statement. However, if the personal data is inaccurate and the accurate personal data is available to the data controller, the data controller must correct the personal data without the data subject's request.
Right to Erasure or "Right to be Forgotten":
The data subject has the right to request that the data controller delete their personal data without undue delay, and the data controller is obliged to delete the personal data without undue delay if no mandatory data processing excludes it.
Besides the above case, the data controller must delete the data according to Act CXII of 2011 and Regulation (EU) 2016/679 of the European Parliament and the Council if:
If the data controller has made the personal data public and is obliged to delete it according to the above, taking into account the available technology and the cost of implementation, it will take reasonable steps—including technical measures—to inform other data controllers processing the personal data that the data subject has requested the deletion of links to or copies or replications of those personal data.
The data controller draws the data subjects' attention to the EU regulation's limitations on the right to erasure or the "right to be forgotten," which are as follows:
For exercising the right to freedom of expression and information.
To comply with a legal obligation requiring data processing under Union or Member State law applicable to the data controller, or to perform a task carried out in the public interest or in the exercise of official authority vested in the data controller.
For reasons of public interest in the area of public health.
For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1) of Regulation (EU) 2016/679, where the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing.
For the establishment, exercise, or defense of legal claims.
Right to Restrict Processing:
The data subject has the right to request that the data controller restrict the processing of their data.
If, based on available information, it is presumed that the deletion would harm the data subject's legitimate interests, the data must be restricted. Such restricted personal data may only be processed for as long as the purpose of data processing that excluded the deletion of the personal data persists.
If the data subject disputes the accuracy of the personal data, but the inaccuracy or incorrectness of the disputed personal data cannot be clearly determined, the data must be restricted. In this case, the restriction applies for the period during which the data controller can verify the accuracy of the personal data.
Under the EU regulation, data must be restricted if:
The data processing is unlawful, and the data subject opposes the deletion of the data and requests the restriction of their use instead.
The data controller no longer needs the personal data for data processing purposes, but the data subject requires them for the establishment, exercise, or defense of legal claims.
The data subject has objected to data processing; in this case, the restriction applies for the period during which it is determined whether the data controller's legitimate grounds override those of the data subject.
If data processing is restricted, such personal data, with the exception of storage, may only be processed with the data subject's consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for important public interest reasons of the Union or a Member State.
The data controller draws the data subjects' attention to the fact that the law may restrict the data subject's rights to rectification, erasure, and restriction for reasons of external and internal security of the state, such as national defense, national security, prevention or prosecution of crimes, security of penal institutions, state or municipal economic or financial interests, significant economic or financial interests of the European Union, and for the prevention and detection of disciplinary and ethical breaches related to the exercise of professions, employment, and occupational safety obligations, including all cases of control and supervision, and for the protection of the data subject's or others' rights.
The data controller will inform the data subject without undue delay, at the latest within 30 days from the receipt of the request, about the measures taken or the reasons for not taking action, and the data subject's right to lodge a complaint with a supervisory authority and seek a judicial remedy.
The data controller will
Right to Rectification
The data subject is entitled to have the data controller rectify inaccurate personal data concerning them without undue delay upon request. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement. If personal data is found to be inaccurate and the accurate personal data is available to the data controller, the controller must correct the personal data even without the data subject's request.
Right to Erasure or "Right to be Forgotten"
The data subject has the right to request that the data controller erase their personal data without undue delay, and the data controller is obliged to erase personal data without undue delay if there is no mandatory data processing that excludes it.
Besides the above case, the data controller must delete the data according to Act CXII of 2011 and Regulation (EU) 2016/679 of the European Parliament and the Council if:
The data processing is unlawful.
The data is incomplete or incorrect—and this state cannot be lawfully corrected—provided that the deletion is not excluded by law.
The purpose of data processing has ceased, or the statutory period for data storage has expired.
A court or the Authority orders the deletion of the data.
The personal data is no longer necessary for the purpose for which it was collected or otherwise processed.
The data subject objects to the data processing, and there is no overriding legitimate reason for the data processing.
The personal data must be deleted to comply with a legal obligation applicable to the data controller.
The personal data was collected in connection with the offering of information society services directly to children as referred to in Article 8(1) of Regulation (EU) 2016/679.
If the data controller has made the personal data public and is obliged to delete it according to the above, taking into account the available technology and the cost of implementation, it will take reasonable steps—including technical measures—to inform other data controllers processing the personal data that the data subject has requested the deletion of links to or copies or replications of those personal data.
Limitations on the Right to Erasure or the "Right to be Forgotten" from EU Regulation:
Right to Restrict Processing
The data subject has the right to request that the data controller restrict the processing of their data.
If, based on available information, it is presumed that the deletion would harm the data subject's legitimate interests, the data must be restricted. Such restricted personal data may only be processed for as long as the purpose of data processing that excluded the deletion of the personal data persists.
If the data subject disputes the accuracy of the personal data, but the inaccuracy or incorrectness of the disputed personal data cannot be clearly determined, the data must be restricted. In this case, the restriction applies for the period during which the data controller can verify the accuracy of the personal data.
Under the EU regulation, data must be restricted if:
Right to Data Portability
The data subject has the right to:
The data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible.
Right to Object
The data subject has the right to object to the processing of their personal data, including profiling, if:
The processing or transfer of personal data is necessary solely for the legitimate interests pursued by the data controller or the data recipient, except in cases of mandatory data processing.
The personal data is used or transferred for direct marketing, opinion polling, or scientific research purposes.
The exercise of the right to object is otherwise permitted by law.
The data subject can also object under Article 21(3) of Regulation (EU) 2016/679 against the processing of personal data for direct marketing purposes, in which case the personal data can no longer be processed for this purpose.
If personal data is processed for scientific or historical research purposes or for statistical purposes, the data subject has the right to object to the processing on grounds relating to their particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
The data controller, upon receiving an objection, will suspend the processing of the data as soon as possible but within a maximum of 30 days, and inform the data subject in writing of the results. If the objection is well-founded, the data controller will cease processing the data, including further data collection and transfer, and will restrict the data. The data controller will also inform all parties to whom the data has been transferred of the objection and the measures taken, who must then ensure the enforcement of the right to object.
If the data subject disagrees with the decision of the data controller or if the data controller fails to act within the stipulated timeframe, the data subject has the right to seek judicial remedy within 30 days of receiving the decision.
The data subject also has the right to object to automated decision-making.
Judicial Remedies
The data subject can seek judicial remedy if their rights are violated. The court will expedite such cases. The data controller must prove that the data processing complies with legal requirements.
Filing a Complaint
In case of a violation of informational self-determination rights, the data subject can file a complaint with the:
National Authority for Data Protection and Freedom of Information
BA-HA-MA’S KFT. Newsletter Registration Data Management Information
BA-HA-MA’S Kft. (hereinafter referred to as BA-HA-MA’S Kft., service provider, data controller, Company) acknowledges the content of this legal notice as binding upon itself. The Company undertakes that all data processing related to its activities complies with the expectations defined in this policy and applicable legal regulations.
BA-HA-MA’S Kft. operates the website at https://www.bahamas.hu/.
BA-HA-MA’S Kft. reserves the right to change this notice at any time. Naturally, any changes will be communicated to the public in a timely manner.
BA-HA-MA’S Kft. is committed to protecting the personal data of its customers and partners, and it considers the right to informational self-determination of its customers particularly important. The Data Controller treats personal data confidentially and takes all necessary security, technical, and organizational measures to ensure the security of the data.
BA-HA-MA’S Kft. presents its data management principles below and outlines the expectations it has set for itself as a data controller, which it adheres to. Its data management principles are in line with the applicable legal regulations on data protection, particularly the following:
Act CXII of 2011 on the right to informational self-determination and freedom of information;
Act V of 2013 on the Civil Code (Ptk.);
Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising (Grt.);
Act CVIII of 2001 (Ekertv.) on certain issues of electronic commerce services and information society services;
Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as "GDPR").
Data subject: Any identified or identifiable natural person based on personal data, directly or indirectly.
Personal data: Data related to the data subject, particularly their name, identifier, and one or more factors specific to their physical, physiological, mental, economic, cultural, or social identity, and any conclusions that can be drawn from such data regarding the data subject.
Consent: The data subject’s voluntary and explicit declaration of their intention, based on appropriate information, by which they give their unambiguous consent to the processing of their personal data - in full or for specific operations.
Data controller: A natural or legal person, or an organization without legal personality, who determines the purposes and means of processing personal data, makes and executes decisions regarding data processing (including the means used), or has them executed by a data processor.
Data processing: Any operation or set of operations performed on personal data, regardless of the method applied, such as collection, recording, organization, storage, alteration, use, retrieval, disclosure, alignment, combination, restriction, erasure, or destruction, and the prevention of further use of the data.
Data transfer: Making data accessible to a specified third party.
Disclosure: Making data accessible to anyone.
Data erasure: Making data unrecognizable in such a way that it cannot be restored.
Data processing: Performing technical tasks related to data processing operations, regardless of the methods and means used or the location of application, provided that the technical task is performed on the data.
Data processor: A natural or legal person, or an organization without legal personality, who processes personal data on behalf of the data controller under a contract, including contracts based on legal provisions.
Our company's details and contact information are as follows:
Name: BA-HA-MA’S Kft.
Mailing Address: 2120 Dunakeszi, Pallag utca 55.
Company Registration Number: 13-09-178848
Tax Number: 12245442-2-13
Phone Number: +36 27 548 150
Email: kozpont@bahamas.hu
Data Controller Representative: János Péterszegi – Managing Director
Data Protection Officer Contact: dpo@qualityconsult.hu - Quality Consult Kft.
BA-HA-MA’S KFT. Newsletter Registration Data Management Information
We draw the attention of those providing data to BA-HA-MA’S Kft. that if they do not provide their own personal data, it is the data provider’s responsibility to obtain the consent of the data subject. The data controller is not required to verify the existence of such consent. The data controller informs the partner that if they fail to fulfill this obligation and the data subject asserts a claim against the data controller, the data controller may transfer the asserted claim and related damages to the partner.
The following information is provided regarding specific data processing activities:
4.1. Newsletter Data (For data subjects registered for newsletter sending on bahamas.hu before 2018.05.26, and for email addresses provided for contact purposes)
Purpose of data processing: Sending email newsletters containing economic advertisements to interested parties, providing information on current updates.
Legal basis for data processing: Legitimate interest of the data controller, GDPR Article 6(1)(f).
Source of personal data: Data of data subjects registered on bahamas.hu for newsletter sending, and previously specified contact email addresses (before 2018.05.26).
Scope of personal data processed: Name, email address.
Duration of data processing: Until the data subject objects.
Justification of legitimate interest: Providing newsletters with economic advertisements and business offers to subscribed data subjects. The company’s legitimate interest in processing the data for direct business acquisition.
Recipients of personal data: The data will not be transferred to third parties except for the data processors specified in point 7. Only the employees of the data controller and the designated colleagues of the data processors can access the recorded data.
Unsubscription: Data subjects can unsubscribe at any time by sending an email to marketing@bahamas.hu or by clicking the unsubscribe icon in the newsletter.
Scope of data subjects: Data subjects registered on bahamas.hu for newsletter sending, and contact registrations.
For data processing activities not listed in this notice, information will be provided at the time of data collection. We inform our customers that certain authorities, public bodies, and courts may request personal data from our company. Our company will only disclose personal data to such bodies to the extent and degree necessary to achieve the purpose of the request, provided the requesting body specifies the exact purpose and scope of the data.
Our company does not transfer your personal data to third countries or international organizations.
The data controller transfers the data to contracted data processors for the fulfillment of the contract during data processing.
Categories of recipients: System administrator service providers, server hosting, web hosting service providers, administrative system development service providers.
The registry of data processors' contact details is available at the company’s headquarters.
Our services are not intended for individuals under the age of 16, and we request that individuals under 16 do not provide personal data to the data controller. If it comes to our knowledge that we have collected personal data from a child under 16, we will take steps to delete the data as soon as possible, except for data processing required by law.
Our company does not use automated decision-making in its data processing activities.
The Company’s IT systems and other data storage locations are located at the headquarters and on servers provided by the data processor. We select and operate IT tools used for personal data processing during service provision in a way that ensures the processed data is:
We pay particular attention to data security, take technical and organizational measures, and establish procedural rules necessary to enforce GDPR guarantees. Data is protected against unauthorized access, alteration, transmission, disclosure, deletion, destruction, accidental destruction, damage, and inaccessibility due to technological changes.
Our company and its partners’ IT systems and network are protected against computer-assisted fraud, computer viruses, computer intrusions, and service-denial attacks. The operator ensures security through server-level and application-level protection procedures. Daily security backups of the data are provided. To avoid data protection incidents, our company takes all possible measures, and in case of such an incident – according to our incident management policy – we act immediately to minimize risks and mitigate damages.
BA-HA-MA’S KFT. Data Subject Rights and Legal Remedies
Data subjects have the right to request information about the processing of their personal data, as well as to request the correction, deletion (with exceptions for mandatory data processing), withdrawal, data portability, and objection to their personal data at the time of data collection or through the above contact details of the data controller.
The rights and legal remedies of data subjects are defined by Act CXII of 2011 and the EU Regulation 2016/679 and are communicated to the data subjects as follows:
The Right to Information (Access Right)
Under Article 15 of the GDPR and Act CXII of 2011, data subjects can request information from the Data Controller regarding:
The information is provided free of charge if the requester has not submitted an identical request for information regarding the same data within the current year. In other cases, a cost may be established. Any previously paid costs must be refunded if the data were processed unlawfully or if the request for information leads to correction.
Right to Rectification
Data subjects have the right to request the correction of inaccurate personal data concerning them without undue delay. Considering the purpose of the data processing, data subjects have the right to request the completion of incomplete personal data, including through a supplementary statement. If the personal data do not reflect the truth and the correct personal data are available to the Data Controller, the Data Controller is obliged to correct the personal data without the data subject’s request.
Right to Erasure (Right to be Forgotten)
Data subjects have the right to request the deletion of their personal data without undue delay, and the Data Controller is obliged to delete the personal data without undue delay if it is not excluded by mandatory data processing.
The Data Controller is obliged to delete the data outside the above cases under Act CXII of 2011 and EU Regulation 2016/679 if:
If the Data Controller has made the personal data public and is obliged to delete it under the above, it will take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested the erasure of any links to or copies of that personal data, considering available technology and the cost of implementation.
Right to Erasure (Right to be Forgotten) and Restrictions
Restrictions on the Right to Erasure:
The Data Controller informs the data subjects that the right to erasure or the "right to be forgotten" under the EU Regulation has the following restrictions:
Right to Restrict Processing (Right to Data Restriction)
Data subjects have the right to request the Data Controller to restrict the processing of their personal data under certain conditions:
Protection of Legitimate Interests: If it is likely that the deletion would harm the legitimate interests of the data subject, the data must be restricted. Such restricted data may only be processed as long as the purpose of data processing that necessitated the restriction persists.
Accuracy Disputes: If the data subject disputes the accuracy of the personal data, the data must be restricted until the Data Controller verifies the data’s accuracy.
EU Regulation Requirements for Restriction:
The data must be restricted under the following circumstances:
Additional Information on Data Restriction
If processing is restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
The Data Controller must inform data subjects of their right to have the restriction, correction, and deletion of data limited by law for reasons of national security, defense, public security, and the prevention, investigation, detection, or prosecution of criminal offenses, among other concerns.
The Data Controller must notify the data subject without undue delay, and at the latest within one month of receipt of the request, about the action taken or the reasons for not taking action.
Notification of Rectification, Deletion, or Restriction
The Data Controller must notify the data subject of the rectification, deletion, or restriction of data and inform those to whom the data has been previously transferred. Upon the data subject’s request, the Data Controller will provide information about these recipients unless it proves impossible or involves disproportionate effort.
The Data Controller must also inform the data subject if their rights cannot be exercised and must specify the factual and legal reasons, as well as the legal remedies available, such as turning to the court or the National Authority for Data Protection and Freedom of Information (NAIH).
Right to Data Portability
Data subjects have the right to:
When exercising their right to data portability, data subjects have the right to have the personal data transmitted directly from one Data Controller to another, where technically feasible.
Given the nature of the Data Controller's data processing activities, the conditions for the exercise of the right to data portability are not met (as there is no automated data processing). Therefore, the data subject cannot exercise this right.
Right to Object
Data subjects have the right to object to the processing of their personal data, including profiling, if:
Data subjects can also object to the processing of their personal data for direct marketing purposes under Article 21(3) of the EU Regulation 2016/679. If a data subject objects to processing for direct marketing purposes, the personal data can no longer be processed for these purposes.
If the processing of personal data is for scientific or historical research or statistical purposes, data subjects have the right to object based on their particular situation, except where the processing is necessary for tasks carried out in the public interest.
The Data Controller must suspend data processing upon receipt of an objection until the objection is resolved. The Data Controller will review and respond to the objection within the shortest possible time, but no later than 30 days. If the objection is justified, the Data Controller will cease the data processing, including any further data collection and transfer, and will restrict the data. The Data Controller will inform those to whom the data were previously disclosed about the objection and subsequent actions, provided it does not impose a disproportionate burden.
If the data subject disagrees with the Data Controller's decision or if the Data Controller fails to meet the response deadline, the data subject can appeal to the court within 30 days of receiving the decision.
Data subjects also have the right to object to automated decision-making, including profiling.
Legal Remedies
Data subjects can seek legal remedies if their rights are violated by contacting the National Authority for Data Protection and Freedom of Information (NAIH) or by filing a complaint in court. The court will handle such cases on a priority basis. The Data Controller is responsible for proving that the data processing complies with legal requirements.
Contact Information for Complaints:
National Authority for Data Protection and Freedom of Information (NAIH)
BA-HA-MA’S KFT. - Supplier and Subcontractor Data Management Information
BA-HA-MA’S Kft. (referred to as BA-HA-MA’S Kft., service provider, data controller, Company), as the data controller, acknowledges the content of this legal notice as mandatory for itself.
The Company undertakes to ensure that all data processing activities related to its operations comply with the requirements specified in this policy and applicable legislation.
BA-HA-MA’S Kft. reserves the right to change this notice at any time. Naturally, it will notify its partners of any changes in due course.
BA-HA-MA’S Kft. is committed to protecting the personal data of its partners, and it considers the respect of its clients' informational self-determination rights to be of paramount importance. The Data Controller treats personal data confidentially and takes all security, technical, and organizational measures necessary to ensure the security of the data.
BA-HA-MA’S Kft. outlines its data management principles below and presents the expectations it has set for itself as a data controller. These principles are consistent with current data protection laws, particularly:
Company details and contact information:
We draw the attention of those providing data to BA-HA-MA’S Kft. that if they do not provide their own personal data, it is their obligation to obtain the consent of the data subject. The Data Controller is not required to verify the existence of such consent. The Data Controller draws the partner's attention to the fact that if this obligation is not met, and as a result, the data subject asserts a claim against the Data Controller, the Data Controller may pass on the asserted claim and any related damages to the partner.
The following information is provided regarding our individual data processing activities:
4.1. Data Processing for Suppliers and Subcontractors
This information aims to present the Company's data processing activities concerning subcontractors/suppliers.
Scope of data subjects: The Company's contracted subcontractors/suppliers.
For data processing not listed in this information, we provide information at the time of data collection. We inform our clients that certain authorities, public bodies, and courts may request personal data disclosure from our company. Our company will only disclose personal data to these entities to the extent necessary to achieve the purpose of the request, provided that the requesting entity has specified the exact purpose and scope of the data, and the disclosure is required by law.
Our Company does not transfer your personal data related to its services to any third country or international organization.
In the case of ordering products from third countries, it may occur that the contact details of the logistics organization managing the shipment are transferred to the product manufacturer/distributor. In such cases, the transfer of the data subject's data is based on the data subject's voluntary and explicit written consent.
The Data Controller transfers data to the data processor(s) contracted for the performance of the contract.
Categories of recipients: IT service provider, business administration system developer/support
Our services are not intended for persons under the age of 16, and we request that persons under 16 do not provide personal data to the Data Controller. If it comes to our attention that personal data has been collected from a child under 16, we will take steps to delete the data as soon as possible, except for data processing required by law.
Our Company does not use automated decision-making processes in its data management procedures and data collection.
Our Company's IT systems and other data storage locations are located at the headquarters and on servers provided by the data processor. We select and operate the IT tools used to process personal data in the course of providing the service so that the processed data:
We pay special attention to data security, taking technical and organizational measures and establishing procedures necessary to enforce GDPR guarantees. We protect the data with appropriate measures, particularly against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental destruction, damage, and inaccessibility due to technology changes.
Our Company's and partners' IT systems and networks are protected against computer-aided fraud, computer viruses, computer intrusions, and denial-of-service attacks. The operator ensures security with server-level and application-level security procedures. Daily security backups are implemented. We take all possible measures to avoid data protection incidents and act immediately according to our incident management policy to minimize risks and eliminate damages in the event of such an incident.
Data subjects can request information about the processing of their personal data, request the rectification, deletion, or withdrawal of their personal data, and exercise their data portability and objection rights in the manner indicated at the time of data collection or through the contact information provided above.
Data subjects' rights and remedies are defined and informed to data subjects according to Act CXII of 2011 and EU Regulation 2016/679.
Right to Information (Access):
Under Act CXII of 2011 and Article 15 of EU Regulation 2016/679, the Data Controller provides information upon request regarding:
Information is free of charge if the requester has not submitted an information request to the Data Controller concerning the same set of data in the current year. In other cases, a fee may be charged. The fee already paid must be refunded if the data was processed unlawfully or if the information request led to a correction.
The Data Controller informs the data subjects that information must be refused based on Act CXII of 2011 if:
The Data Controller must notify the National Authority for Data Protection and Freedom of Information annually by January 31 of the following year about the rejected information requests.
Right to Rectification:
The data subject is entitled to have the Data Controller rectify inaccurate personal data concerning them without undue delay upon request. Considering the purpose of the data processing, the data subject has the right to request the completion of incomplete personal data – among others, through a supplementary statement. If the personal data does not correspond to reality, and the Data Controller has the personal data corresponding to reality, the Data Controller must rectify the personal data without the data subject's request.
Right to Erasure or "Right to be Forgotten":
The data subject has the right to have the Data Controller erase personal data concerning them without undue delay upon request, and the Data Controller is obligated to erase personal data concerning the data subject without undue delay if mandatory data processing does not exclude it.
Besides the above case, the Data Controller must delete the data based on Act CXII of 2011 and Regulation (EU) 2016/679 of the European Parliament and the Council if:
If the Data Controller has made the personal data public for any reason and is obliged to delete it as stated above, it will take reasonably expected steps – including technical measures – considering the available technology and the costs of implementation to inform other data controllers processing the personal data that the data subject has requested the deletion of any links to or copies or replications of those personal data.
The Data Controller informs data subjects of the limitations arising from the EU regulation regarding the right to erasure or "right to be forgotten", which are as follows:
Right to Restriction of Processing or "Right to Blocking":
The data subject has the right to request the Data Controller to restrict processing.
If the available information suggests that deletion would harm the legitimate interests of the data subject, the data must be blocked. The blocked personal data can only be processed as long as the data processing purpose that excludes the deletion of the personal data exists.
If the data subject disputes the accuracy or correctness of the personal data, but the inaccuracy or incorrectness of the disputed personal data cannot be clearly determined, the data will be blocked. In this case, the restriction applies to the period enabling the Data Controller to verify the accuracy of the personal data.
The data must be blocked under EU regulation if:
If data processing is subject to restriction (blocking), such personal data, except for storage, may only be processed with the consent of the data subject, or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.
The Data Controller particularly highlights to the data subjects that their rights to rectification, erasure, and restriction (blocking) can be limited by law for the external and internal security of the state, such as defense, national security, the prevention or prosecution of crimes, the security of the penitentiary system, furthermore for state or municipal economic or financial interests, the significant economic or financial interest of the European Union, and for the prevention and detection of disciplinary and ethical offenses related to the practice of professions, labor law and occupational safety obligations, including control and supervision, and for the protection of the rights of the data subject or others.
The Data Controller will inform the data subject of the matters specified in the request and/or rectify, delete, and/or restrict (block) the data, or take other steps in accordance with the request without undue delay, within a maximum of 30 days from the receipt of the request, if there is no reason for exclusion.
The Data Controller must inform the data subject in writing of the rectification, deletion, or restriction of processing, and all those to whom the data was previously transferred for processing purposes. Upon the request of the data subject, the Data Controller will inform the data subjects of these recipients. Notification may be omitted if it does not harm the legitimate interest of the data subject considering the purpose of processing or if it proves impossible or requires disproportionate effort. The Data Controller is also obliged to inform the data subject in writing if their rights cannot be exercised for any reason, and to specify the factual and legal reason and the legal remedies available to the data subject: the possibility to apply to the court and the National Authority for Data Protection and Freedom of Information.
Right to Data Portability:
The data subject has the right to:
When exercising the right to data portability, the data subject is entitled to request the direct transmission of personal data between data controllers, where technically feasible.
Given the data processing carried out by the Data Controller, the conditions for exercising the right to data portability are not met (there is no automated data processing), so the data subject cannot exercise this right.
Right to Object:
The data subject may object to the processing of their personal data – including profiling – if:
The data subject may object to the processing of personal data for direct marketing purposes pursuant to Article 21(3) of Regulation (EU) 2016/679, after which the personal data may no longer be processed for this purpose.
If the processing of personal data is for scientific or historical research purposes or statistical purposes, the data subject has the right to object to the processing of personal data concerning them based on their particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
The Data Controller will examine the objection within the shortest possible time, but no later than 30 days from the submission of the request, and inform the applicant of the result in writing. If the objection is justified, the Data Controller will terminate the data processing – including further data collection and data transfer – and block the data and inform all those to whom the personal data affected by the objection was previously transferred and who are obliged to take action to enforce the right to object.
If the data subject disagrees with the Data Controller's decision or the Data Controller fails to meet the mentioned deadline, the data subject is entitled to go to court within 30 days from the notification.
The data subject has the right to object to automated decision-making.
Judicial Enforcement:
The data subject can go to court in case of violation of their rights. The court will proceed with the case promptly. It is the Data Controller's responsibility to prove that the data processing complies with the regulations.
In case of violation of the right to informational self-determination, a complaint can be filed with:
National Authority for Data Protection and Freedom of Information
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Phone: +36 (1) 391-1400, Fax: +36 (1) 391-1410
Website: http://www.naih.hu
Email: ugyfelszolgalat@naih.hu
We reserve the right to change the data processing information, so please return here regularly to stay informed of any changes to the data protection information.
January 1, 2020
János Péterszegi
Managing Director
BA-HA-MA’S Ltd.