Privacy policy

1. Introduction

NOVIN Informatikai, Kereskedelmi és Szolgáltató Betéti Társaság (in short Novin Bt.) hereinafter referred to as the Data Controller, processes the data of persons using the website (https://novin.hu) in order to provide them with the appropriate service. The Data Controller collects and processes the personal data of the persons concerned solely on the basis of their voluntary consent after prior information. By publishing this Privacy Statement and Data Protection Statement (hereinafter referred to as the “Data Protection Statement”), the Data Controller sets out the principles of its data management, which the Data Controller acknowledges as binding on itself.

In order to ensure the protection of and respect for personal data, the service provider shall fully comply with the legal requirements during data processing, in particular with regard to the content of Regulation (EU) 2016/679 of the European Parliament and of the Council and Act CXII of 2011 on the right to information self-determination and freedom of information.

Name of the service provider, data controller

  • Company name: NOVIN Informatikai, Kereskedelmi és Szolgáltató Betéti Társaság (abbreviated as Novin Bt.)
  • Headquarters: 1134 Budapest, Angyalföldi út 5/B, Lion irodaház
  • Tax number: 21582963213
  • Company registration number: 13 06 064528

Contact details of the service provider, data controller

  • Email: kapcsolat@novin.hu
  • Telephone: (20) 629 5807
  • Postal address: 2013 Pomáz, Seregély utca 1.

2. Definitions

Data processor: a natural or legal person, public authority, agency or any other body that processes personal data on behalf of the controller;

Data processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Data controller: a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or specific criteria for the designation of the controller may also be determined by Union or Member State law;

Data breach: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Consent of the data subject: a voluntary, specific, informed and unambiguous indication of the data subject’s wishes by which he or she signifies, by a statement or by an act unambiguously expressing his or her consent, that he or she agrees to the processing of personal data concerning him or her;

Recipient: the natural or legal person, public authority, agency or any other body with whom or to which the personal data are disclosed, whether or not a third party. Public authorities which may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of such data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;

Data Subject/User: any specified natural person who is identified or can be identified, directly or indirectly, on the basis of personal data;
GDPR (General Data Protection Regulation): the European Union’s new Data Protection Regulation;

Third party: a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data;

Personal data: any information relating to an identified or identifiable data subject; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Non-personal data: any information that is not linked to an identified or identifiable person, i.e. data other than personal data as defined in Article 4(1) of the General Data Protection Regulation (GDPR).

Business: a natural or legal person carrying out an economic activity, regardless of its legal form, including partnerships and associations of persons carrying out a regular economic activity.

Natural person: In jurisprudence, natural person refers to a living human being, the natural subject of rights relating to the person. A natural person has legal capacity in his own right, i.e. he can become subject to rights and obligations.

Legal person: in jurisprudence, a legal person is a type of person, a social organisation which has legal capacity, i.e. which can become subject to rights and obligations in its own name.

3. Principles of data management

The Data Controller declares that it processes personal data in accordance with the provisions of the Privacy policy and complies with the relevant legislation, in particular with regard to the following:

The processing of personal data must be lawful, fair and transparent to the data subject.

Personal data may only be collected for specified, explicit and legitimate purposes.

The purposes for which the personal data are processed must be adequate, relevant and limited to what is necessary.

Personal data must be accurate and up-to-date. Inaccurate personal data must be deleted without delay.

Personal data must be stored in a form which permits identification of data subjects for no longer than is necessary. Personal data may be stored for longer periods only if the storage is for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes.


Personal data shall be processed in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by appropriate technical or organisational measures.

The principles of data protection shall apply to any information relating to an identified or identifiable natural person.

4. General data processing information

The purpose of data processing is to enable the Data Controller to provide personalized services and offers to persons using the Data Controller during the operation of the website or during contact (by telephone, online or in person).

The legal basis for data processing is the consent of the person concerned.

The data subjects are the users of the website and any private person who wishes to use the services provided by the Data Controller.

Duration of data processing and deletion of data. The duration of the processing always depends on the specific purpose of the user and the consent. The Data Controller will delete the data without delay once the original purpose has been achieved. The data subject may withdraw his or her consent to the processing at any time by sending an e-mail to the contact email address. If there are no legal obstacles to deletion, your data will be deleted.

The data may be accessed by the employees of the Data Controller involved in the processing activities, by staff provided by various Student Unions, by subcontractors (project-related), by students on work placements or by casual workers.

The data subject may request the Controller to access, rectify, erase or restrict the processing of personal data relating to him or her and may object to the processing of such personal data and the data subject’s right to data portability.

The data subject may withdraw his or her consent to the processing at any time, without prejudice to the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.

The data subject shall have the right to obtain from the Controller, at his or her request and without undue delay, the rectification or integration of inaccurate personal data relating to him or her.

The data subject shall have the right to have the Controller erase inaccurate personal data relating to him or her without undue delay upon his or her request.

The modification or deletion of personal data may be initiated by email, telephone or letter to the contact details of the Data Controller given above.

5. Data processing in connection with a request for a quote or contact initiated on a website

The purpose of data management is to enable the Data Controller to contact persons who contact the Data Controller with a service request and thus submit a contact request, and to provide them with personalized services and offers.

Legal basis for processing: unambiguous consent of the data subject.

Fact of processing

Scope of data processed: the specific purposes for which the data are processed

  • Name/Contact person: identification, contact.
  • (Company name): Identification, contact.
  • Address: Identification, contact.
  • E-mail: Identification, contact.
  • Phone: Identification, contact. Forwarding requests, comments.
  • Message: Identification, contact. Forwarding requests, comments.
  • IP address: Technical information operation.
  • Cookie ID: Technical information operation.

Data subjects: all visitors who make a request for a quote or contact on the website.


Duration of data processing, deadline for deletion of data: depends on the specific user request for an offer or contact and the consent given. The Data Controller will delete the data without undue delay if the original purpose has been achieved or if the data subject withdraws his or her consent to the processing.


The identity of the potential controllers entitled to access the data: The personal data may be accessed by its employees under contract with the Controller (employees, student workers, subcontractors, trainees, casual workers), in compliance with the Data Processing Policy.

Example of possible forms of access to the data include: a Customer or Client who wishes to use the Data Controller, for which the Data Controller needs the name of the Customer or Client (identification), the address of the Customer or Client in case of an on-site service (identification), the message itself or some form of contact (telephone, e-mail). In providing the service, the Data Controller’s contractual partners may in certain cases have access to the Customer’s or Client’s personal data, the processing of which is governed by the instructions in this Privacy Policy.

The data subject may request the Controller to access, rectify, erase or restrict the processing of personal data relating to him or her and may object to the processing of such personal data.


The data subject may at any time withdraw his or her consent to the processing, but this shall not affect the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal.

The data subject shall have the right to obtain, upon his or her request and without undue delay, the rectification, integration or erasure of personal data relating to him or her by the Controller.

Data subjects may make a request concerning their personal data by email, telephone or letter to the contact details of the Data Controller indicated above.

6. Management of cookies

Cookies are placed on the user’s computer by the websites visited and contain information such as the page settings or login status. Cookies are therefore small files created by the websites visited. They improve the user experience by saving browsing data. Cookies help the website remember your site settings and offer you locally relevant content. A small file (cookie) is sent by the provider’s website to the computer of the website visitor in order to establish the fact and time of the visit. The provider informs the website visitor of this.

The purpose of the processing: to provide additional services, identification and tracking of visitors.

Legal basis for processing: the user’s consent is not required if the use of cookies is strictly necessary for the provider.

Scope of data processed: unique identifier, time, preferences. The data subjects are the visitors of the website.

The Data Controller is not processing personal data by using cookies. The user has the possibility to delete cookies from his/her browser at any time in the Settings menu.

7. Using Google Adwords conversion tracking

On the website, the service provider uses the online advertising program “Google AdWords” and makes use of Google’s conversion tracking service. Google conversion tracking is an analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).

When the user accesses a website through a Google ad, a cookie is placed on his or her computer for conversion tracking. These cookies have a limited validity and do not contain any personal data, so the User cannot be identified by them. The purpose of Google AdWords conversion tracking is to enable the Data Controller to measure the effectiveness of AdWords advertising.

When the User browses certain pages of the website and the cookie has not expired, Google and the data controller can see that the User has clicked on the ad. Each Google AdWords client receives a different cookie, so they cannot be tracked through AdWords clients’ websites.

The information obtained through conversion tracking cookies is used to generate conversion statistics for AdWords customers who opt for conversion tracking. Clients are then informed of the number of users who click on their ad and are referred to a page with a conversion tracking tag. However, they do not have access to information that would allow them to identify any user.

If you do not wish to participate in conversion tracking, you can opt out by disabling the option to set cookies in your browser. You will then not be included in the conversion tracking statistics.

For more information and to read Google’s privacy statement, please visit www.google.de/policies/privacy/

8. Using Google Analytics

On this website, the provider uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are saved on your computer to help analyse the use of the website visited by the User.

The information generated by the cookie about the website you use is usually transmitted to and stored by Google on servers in the United States. By activating the IP anonymisation on the website, Google will previously shorten the IP address of the User within the Member States of the European Union or in other states party to the Agreement on the European Economic Area.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity for the website operator and to provide other services relating to website activity and internet usage.

The Data Controller uses Google Analytics primarily to generate statistics, including to measure the effectiveness of its activities. By using the program, the Data Controller mainly obtains information about the number of visitors to its website and the time spent on the website. The program recognises the IP address of the visitor and is therefore able to track whether the visitor is a returning or new visitor, and to track the path the visitor has taken on the website and where he or she has accessed.

Google Analytics will not associate the IP address transmitted by the user’s browser with any other data held by Google. The storage of cookies can be prevented by the User by setting the appropriate settings on his browser. The User may also prevent Google from collecting and processing data about his or her use of the website through cookies by downloading and installing the browser add-on available at the following link: https://tools.google.com/dlpage/gaoptout?hl=hu

9. Facebook pixel

The Facebook Pixel is a code that is placed in the source code of a website. When someone visits the site and performs an action (for example, filling out a contact form), the Facebook Pixel is activated and reports the action. This allows the website operator to be notified if a customer has performed an action after viewing a Facebook ad. A custom audience can then be used to reach that customer again. Remarketing lists are not suitable for personal identification. They do not contain any personal data of the visitor, they only identify the browser software.

Facebook Pixel is used by the Data Controller primarily for conversion tracking to measure the effectiveness of advertisements, in particular the viewing of individual blog articles and service sub-pages and the use of the contact option. And through conversion optimization, our goal is to have Facebook show ads to people who are most likely to convert on the site. The Data Controller also uses the Facebook pixel to build remarketing lists to retarget visitors to the website with targeted ads.

10. Social media sites

A social networking site is a media tool where the message is spread through social users. Social media uses the Internet and online publishing to transform users from content receivers to content editors. Social media is the interface of web applications that host user-generated content, such as Facebook, Google+, Twitter, Pinterest, etc.

Social media can take the form of public speeches, presentations, demonstrations, product or service launches. The forms of information published on social media may include forums, blog posts, images, video and audio, message boards, email messages, etc. As mentioned above, the scope of the data processed may include, in addition to personal data, the public profile picture of the user.

The purpose of the data collection is to promote the website or a related website.

The legal basis for the processing: the voluntary consent of the data subject to the processing of his/her personal data on social networking sites.

The fact of data collection, the data processed: the name registered on Facebook/ Google+/ Twitter/ Pinterest/ Youtube/ Instagram etc. social networking sites, and the user’s public profile picture.

The data subjects are: anyone who has registered on Facebook/ Google+/ Twitter/ Pinterest/ Youtube/ Instagram etc. and has “liked” the website.

The duration of the processing, the time limit for deletion of the data, the identity of the possible controllers who have access to the data and the rights of the data subjects in relation to the processing of the data: The data subject can find out about the source of the data, how it is processed, and the method and legal basis of the transfer on the relevant Community site. The data are processed on the social networking sites, so the duration of the processing, the way in which the data are processed and the possibilities for deleting and modifying the data are governed by the rules of the social networking site concerned.
Duration of data processing: according to the rules available on the relevant community site.

Persons having access to the data: in accordance with the rules available on the relevant community site.

Rights relating to the processing of data: in accordance with the rules available on the relevant community site.

Method of storage of data: electronic.

11. Processing of data of contractual partners and their contacts

Purpose of processing: to maintain contact with the contact persons acting on behalf of the partners who have entered into a contract with the Data Controller, to fulfil the legal obligations arising from the contract, to perform the service.

Legal basis for processing: explicit consent of the data subject.

Fact of processing

Scope of the data processed: Specific purpose of the processing

  • Name/Contact person: identification, contact.
  • (Company name): Identification, contact.
  • Address: Identification, contact.
  • E-mail: Identification, contact.
  • Phone: Identification, contact. Forwarding requests, comments.
  • Message: Identification, contact. Forwarding requests, comments.
  • IP address: Technical information operation.
  • User names, passwords: Provision of service.
  • Identifiers, access codes: Service provision.
  • Settings and parameters: Provision of service.
  • Data uploaded by the user in the context of the Hosting Service: Provision of the Service.
  • Data backed up in the context of a hosting or administrator service: Provision of service.

Data subjects: all persons registered as contact persons and/or managing directors in relation to the contracts and, depending on the project, the data stored on the computer or server of these contractors.

Duration of data processing, time limit for deletion of data: the original purpose of data processing ceases to exist when the status defined in the contract is terminated. The Controller shall delete the data without undue delay if the original purpose ceases to exist or if the data subject withdraws his consent to the processing.


Potential data controllers who may have access to the data: personal data may be accessed by the Data Controller’s contracted staff (employees, student workers, subcontractors, interns, casual workers) in compliance with the Data Processing Policy, with particular reference to employees performing administrative tasks, in compliance with the Data Processing Policy.

Possible examples of how the data may be accessed include: a Customer or Client who wishes to use the Data Controller, for the provision of which the service provider needs the Customer’s or Client’s company name (identification), the name of the contact person (identification), the address in case of an outbound service (identification), the message transmitted itself or some form of contact (telephone, e-mail). In the course of providing the service, such as system administrative processes or server rental, the provider’s staff have or could have access to the Customer’s or Client’s personal data, the handling of which is governed by the instructions in this Privacy Policy.

The data subject may request the Controller to access, rectify, erase or restrict the processing of personal data relating to him or her and may object to the processing of such personal data.

The data subject may withdraw his or her consent to the processing at any time, but this shall not affect the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal.

The data subject shall have the right to obtain, upon his or her request and without undue delay, the rectification, integration or erasure of personal data relating to him or her by the Controller.

Data subjects may make a request concerning their personal data by email, telephone or letter to the contact details of the Data Controller indicated above.

11.1. Processing of Customer Reviews

Purpose of data processing: to inform interested parties and website visitors about the possibilities offered by the service, to clarify the purposes they can achieve through the personal experiences of others, to arouse interest, with the consent of the customers concerned.

Legal basis for processing: consent of the data subject.

Fact of processing:

Scope of data processed: Specific purposes for which the data are processed

  • Name: identification, authentication.
  • Company name: Identification, authentication.
  • Job title/Position: Identification, authentication.

Data subjects: all natural persons who, after having cooperated with the Data Controller, share their experiences of the service provided by the Data Controller, after having given his or her consent and of his or her own free will.

Duration of processing, deadline for erasure of data: erasure at the request of the data subject.

Who is entitled to access the data: visitors to the website.

The data subject may request the Controller to rectify or erase personal data concerning him/her. Data subjects may make a request concerning their personal data by email, telephone or by letter to the contact details of the Data Controller indicated above. The sharing and communication of opinions on the website does not, however, constitute a necessity of cooperation between the Data Controller and its Customers.

12. Customer relations and other data processing

If the data subject has any questions or problems when using our services, he or she can contact the data controller by the means indicated on the website (telephone, e-mail, etc.).

Information on processing not listed in this notice will be provided at the time of collection of the data.

In exceptional cases, the Data Controller is obliged to provide information, data or documents in response to a request from a public authority or other bodies authorised by law.

In such cases, the Service Provider shall only disclose personal data to the requesting party – provided that the latter has indicated the precise purpose and scope of the data – to the extent that is indispensable for the purpose of the request.

13. Data security (§ 7)

The Data Controller shall plan and carry out the activities related to the processing in such a way as to ensure the protection of the personal data of the data subjects.

The Data Controller shall ensure the security of the data and shall take the technical and organisational measures necessary to enforce data protection and confidentiality rules, in particular with regard to unauthorised access and transmission, disclosure, intentional or accidental deletion and damage, and availability.

The Data Controller shall ensure, by establishing and maintaining an appropriate IT system, that the data stored in the records cannot be directly linked and attributed to the data subject. It shall also ensure that the data it processes are accessible only to persons competent to carry out tasks related to the processing.

14. Rights of data subjects

The right to request information: the data subject may request, through the contact details provided, information on what data are processed by the Data Controller, on what legal basis, for what purpose, from what source and for how long. Upon request, the Controller will provide information without delay, but within 30 days at the latest.

Right to rectification: the data subject may request the rectification of his or her data through the contact details provided. At the data subject’s request, the Controller shall make the amendment without delay and within 30 days at the latest.

Right to erasure: The data subject may request the erasure of his or her data through the contact details provided. Upon the data subject’s request, the Data Controller shall delete the data without undue delay and within a maximum of 30 days.

Right to blocking: the data subject may request the blocking of his or her data by contacting the Data Controller using the contact details provided. The blocking lasts as long as the reason indicated by the data subject makes it necessary to store the data. At the request of the data subject, the Controller shall block the data without undue delay and within a maximum of 30 days.

Right to object: the data subject may object to the processing of his or her personal data using the contact details provided. The Data Controller shall examine the objection within the shortest possible time from the date of the request, but not later than 15 days, and shall decide on its merits.

15. Enforceability of data processing

In the event of unlawful data processing experienced by the data subject, the service provider will be notified via the contact details provided and will have the opportunity to restore the lawful status as soon as possible. In the interest of the data subject, the Data Controller will make every effort to resolve the problem.

If the data subject considers that the lawful situation cannot be restored, he or she may notify the National Authority for Data Protection and Freedom of Information of this using the following contact details.

  • Address: 1055 Budapest, Falk Miksa utca 9-11.
  • Postal address: 1363 Budapest, PO Box 9.
  • Phone: +36 (1) 391-1400
  • Fax: +36 (1) 391-1410
  • E-mail: ugyfelszolgalat@naih.hu
  • Website URL: https://www.naih.hu/

16. Legal basis for data processing

REGULATION No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation).

Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information.

Act LXVI of 1995 on public records, public archives and the protection of private archival material.

Government Decree No 335/2005 (XII. 29.) on the general requirements for the management of records by public bodies.

Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.

Act C of 2003 on Electronic Communications.

17. Amendment of the Privacy Policy

We reserve the right to modify this Privacy Statement and will inform the data subject accordingly. Information on data processing will be published on the website https://novin.hu.

Cd: Budapest, 2022. 06. 08.