We are particularly careful to manage all your data in the most scrupulous way possible. This is why we have implemented careful and aware actions and ways of working. Below we explain how.

INFORMATION ON THE PROCESSING OF PERSONAL DATA
Article 13 of REGULATION (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data

Dear Madam / Sir,
This present Prospectus (hereinafter referred to as the “Prospectus”) informs you that the data provided by you to KRISTILLA Kft. (hereinafter referred to as “KRISTILLA” or the “Company”) or the data requested by the Company in connection with the conclusion, management, execution and / or termination of the contracts can be subject to data processing. In case they are not designated separately, the terms defined in Article 4 of the Regulation shall be used in this Prospectus in the same way as defined in the Regulation.

The processing of personal data is carried out by means of manual and IT tools, which in any case are suitable for ensuring the security and confidentiality of the data and for preventing access to personal data by unauthorised persons. We process personal data for the following purposes:

1. For concluding, managing, performing and / or terminating contracts;
2. For the purposes of managing the above legal relationship, i.e. based on operational / management needs (such as accounting and taxation, credit management, etc.);
3. For purposes related to the fulfilment of obligations arising from national and European legislation or imposed by authorities and recognised by law.

Your personal data will be processed for the above purposes in accordance with the Regulation and your prior consent is not required.
The data collected for the purposes described above are going to be retained only for the duration necessary to meet the above-mentioned purposes and to perform the contract in accordance with the applicable laws and regulations.

All personal data that has been or is going to be provided by you to us in connection with the performance of the contract, or data that comes to our attention during this relationship, shall be subject to data processing. At the same time, the Company has or may become aware of sensitive personal data.
We hereby confirm that the processing of these personal data is carried out confidentially and in full compliance with the relevant legislation.

1. Persons, companies, organisations and professional groups that provide support and advisory services or activities or provide other services to the Company, including, but not limited to the fields of technology, accounting, administration, law, taxation or finance;
2. Banks and insurance companies;
3. Persons authorised to have access to personal data and are recognised by statutory provisions or by secondary regulations or authorities and approved by law.

If necessary, for the achievement of the aforementioned objectives, the employees of the Company processing personal data, including those working at the headquarters of the Company abroad as well shall also have access to your personal data.

Persons in the above-mentioned category process personal data as persons who have been entrusted with processing such data in their role of data processor, in a completely independent way as they are persons who have not been involved with the original data processing carried out at our Company.

With particular reference to the persons, companies, organisations, and professional groups that provide support and advisory services or activities, or provide other services to the Company, primarily, but not exclusively, in the field of technology, accounting, administration, law, taxation, or finance: these persons shall be appointed by the Data Controller, the external data processors of personal data by means of appropriate instruments of appointment, specifying the methods of data processing and the security measures to be applied during the processing and storage of personal data of which the Company is the data controller.
The list of persons to whom your personal information is to be transferred to is going to be made available to you after your related request to this effect via the e-mail addresses at privacy@mjusworld.com

You are required to provide the necessary personal data to fulfil a statutory obligation and the possible refusal to provide such data or the misstatement of any necessary information shall result in the following consequences:
a) it is going to make it impossible for the data controller to provide data processing in accordance with the written verbal agreement in connection with which the data is provided;
b) the results of the data processing may not meet the obligations imposed by the relevant tax, administrative and labour regulations. The provision of additional personal data not prescribed by law or other legislation may become necessary in the case personal data is related to or necessary for the preparation, signing and performance of a contract; in this case, the possible rejection of the provision of personal data may result in failing to accurately perform the requirements of the legal relationship.

In addition, we hereby inform you that, upon written request to the Data Controller at the addresses available on privacy@mjusworld.com, the rights under Articles 15, 16, 17, 18, 20, 21 of the Decree shall be guaranteed to the data subject to (i) receive from the Data Controller the confirmation of the existence of his / her personal data, and in this case, access to the data and the information provided for in Article 15 (1), including to know the origin of such data, the process and purpose of data processing, to know the groups of persons to whom they may transfer personal data, to obtain the identity of the data controller and the data processor, to know the persons and categories of persons to whom the data may be transferred to or who may have access to such data, such as a designated representative, data controller or agent; (ii) request the deletion of data ("right to be forgotten"), to render such anonymous or to request the blocking of unlawfully processed data; (iii) to have such data updated, corrected or, if necessary, supplemented; (iv) to limit the data management; when the conditions set out in Article 18 (1) are met, (v) to have data processing restricted entirely or partially for legitimate reasons. In case personal data is processed for direct marketing purposes, the data subject shall be entitled at any time to have data processing for this purpose cancelled, including profiling to the extent that it is related to such direct marketing activity.

The data subject is (vi) entitled for data portability, i.e. he / she is entitled to receive personal data concerning him / her from the data controller in a distributed, widely used, machine-readable and interoperable format and to transfer it to another data controller in the event the conditions stipulated by Article 20 (1) exist; the data subject is also entitled to request, where technically feasible, the direct transfer of personal data between data controllers.

The Data Controller hereby undertakes to inform each addressee to whom he has transmitted personal data of any modifications or deletions possibly made pursuant to Article 16, Article 17 (1) and Article 18 or restriction of data processing, unless this proves to be impossible, or unduly burdensome.
In addition, we hereby indicate that you are entitled to withdraw your consent at any time without affecting the lawfulness of the data processing based on your consent prior to the revocation, taking into account the consequences listed above for refusing to provide personal data, and the right to file a complaint before the Supervisory Authority.

The Company commits itself to responding to the requests of the data subject within 30 days, except for extremely complex cases with maximum 90 days to respond. In all cases, the Company shall inform the data subject of the reason to wait within 30 days following the submission of the request.

The result of the request shall be sent to the data subject in writing or in electronic form. If the data subject requests modification, deletion or restriction of the data processing, the Company undertakes to communicate the subject of the requests received from the data subjects to all addressees of the data, unless this proves impossible or would constitute a disproportionate burden.

The Company specifies that the data subject may be requested to pay a fee if the request proves to be unfounded, excessive or repetitive, and in which case the Company shall keep records to follow-up the procedural requests.

The data controller is KRISTILLA Kft. 9900 Körmend, Rákóczi Ferenc út 154.