Privacy Statement

concerning the data processing practice of Meli Business Solutions Limited (hereinafter referred to as the Company or the Controller), as the operator of the website www.melisolutions.hu (hereinafter referred to as the Website), in connection with the Website and the services provided through the Website.

By starting to use the Website, the visitors thereof (hereinafter referred to as the User) acknowledge and accept the terms and conditions of this Privacy statement (hereinafter referred to as the Statement); hence, we kindly ask you to check out this Statement carefully before starting to use the Website.

The subjects of data processing (hereinafter jointly referred to as the Data Subjects) are the natural person visitors of the Controller’s Website.

Definitions

1. Personal Data: Any data that may be linked to the data subject, particularly the name, ID number and other identifiable characteristics of the data subject, including one or more physical, physiological, mental, economic, cultural or social attributes thereof, and the conclusions drawn from the data in regard to the data subject;

2. Data Management: Regardless of the procedure or method implemented, any operation or set of operations which are performed on data, such as collection, registration, recording, organisation, storage, alteration, adaptation, retrieval, transmission, disclosure, alignment or combination, restriction, erasure and destruction and prevention of further use of the data, photographing, sounds and video recording, and the recording of physical attributes for identification purposes (e.g. fingerprints and palm prints, DNA samples and retinal images);

3. Data Controller: The natural or legal person, or unincorporated organisation, that alone or jointly with others determines the purpose of controlling the data, takes or implements or orders the data processor to implement decisions of data processing (including the methods and devices implemented);

4. Data Processing: Performing technical operations involved in data processing, irrespective of the method and instruments employed for such operations and the venue where it takes place, provided that such technical operations are carried out on the data;

5. Data Processor: The natural or legal person, or unincorporated organisation, that performs under a contract the processing of data, including when contracting is ordered by virtue of law;

6. Recipient: A natural or legal person, public authority, agency or other body to which the personal data are disclosed, whether it is a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with union or member state law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

7. Consent: The data subject’s voluntary and determined expression of will, based on appropriate information with which the subject provides consent to his/her personal data being (fully or covering single operations) controlled.

If the definitions of the applicable data protection legislation differ from the definitions of this regulation, the definitions of the legislation shall prevail.

Principles of data processing

Our Company follows and observes the following principles in the course of data processing:

a) The personal data will be processed lawfully, fairly and in a transparent manner.

b) We collect personal data only for specified, explicit and legitimate purposes and we do not process the collected data in a manner that is incompatible with those purposes.

c) The personal data collected by our Company are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

d) In the course of data processing, our Company will take all reasonable steps to ensure the accuracy and up-to-date nature of the personal data; therefore, we will immediately erase or rectify the data that are inaccurate.

e) We store the personal data in a form that permits identification of you (as data subject) for no longer than is necessary for the purposes for which the personal data are processed.

f) By implementing appropriate technical or organisational measures we ensure the adequate security of the personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage.

Your personal data

a) will be collected, recorded, organised, stored and used (jointly: processed) on the basis of your voluntary consent based on the proper provision of information, solely for a certain purpose and to the extent required to achieve such purpose.

b) in certain cases, the processing of your personal data is obligatory under the provisions of the respective laws; in such cases, we will specifically draw your attention to this fact.

c) in certain cases, the basis of data processing if the legitimate interest (like the operation, development and ensuring the security of our Website) of our Company or any third party.

Details of data controller

The Controller is the operator of the Website, namely Meli Business Solutions Limited (the name of the company).

Registered seat: Unit 1002, Unicorn Trade Centre, 127-131 Des Voeux Road Central, Hong Kong

Company registration number: 2766868

Represented by: Mengyi Li

Email: info@melisolutions.com

Phone: +36 20 394 2332

The scope of processed data

a) In the course of visiting the Website:

The purpose of data processing: To ensure the proper and high quality operation of the website, to control and improve the quality of our services, the identification of malicious use and users of the website, to measure the number of visitors, statistical purposes.

The legal basis of data processing: The legitimate interest of our Company

Description of the rights for affected people: You have the option to delete cookies from the Tools / Preferences menu of your browsers, usually under the Privacy menu item.

Possible data controllers: By using cookies, the data controller not manage any personal data.

The scope of the processed data:

· demographic data (gender, age)

• scope of interest

• geographical data (location, language)

• attitude (new or returning visitor, frequency of visits, work session and term)

• technology (browser and operating system)

• network (service provider)

• IP address (required to diagnose certain problems that may occur at the loading-in of the website, to the administration of the website and for demographic data). The IP address is a code consisting of a series of numbers that allows the precise identification of the computers and mobile devices of internet users. By using the IP address, even the geographical location of a given user may be identified. The names of the visited websites, the date and time of the visit are not sufficient to the identification of the data subject, but combined with other data (provided for example as a part of inquiry) these are suitable to serve as a basis for conclusions on data subjects.

The cookies are small-sized data files (hereinafter referred to as cookies) that are placed on your computer through the use of the website, by means of being downloaded and stored by your browser. The default setting of the most popular Internet browsers (Chrome, Firefox, etc.) is to accept and allow the downloading and use of the cookies; however, you may change the settings of your browser and thereby reject or prohibit the further use of cookies, moreover, you may even delete the already downloaded cookies from your computer. For further information on the use of cookies, please check the ‘Help’ function of your browser.

There are certain cookies that do not require your preliminary consent. Regarding these cookies, short information will be provided to you upon your first visit to our website. These cookies serve the purposes of authentication, multimedia-playing, load balancing, personalisation of user’s account (session cookies) and the user-focused security cookies.

On cookies that require the user’s consent (in case the data processing starts already upon visiting our website) we will inform you at the beginning of your first visit to the website and we will request for your consent.

Our Company does not apply or permit the application of cookies that would enable the collection of your data for third parties without your consent.

You are not obliged to accept the cookies; however, rejection of the cookies may result in the improper or unexpected operation of our website, for which we exclude our liability.

Our website uses the Internet analysing service provided by Google Inc. (Google Analytics). Google Analytics allows the analysis of the use of the website. The related information concerning the use of the website will usually we forwarded to and stored on Google servers located in the USA. On behalf of the operator of the website, Google will use this information to evaluate the use of the website, to prepare reports on the activities on the website, as well as to provide further services to the website operator in connection with the website’s activity and the use of the Internet. The data processed by Google Analytics (like the IP address) will not be combined with other data processed by Google.

Google Analytics #1

Name: UA-130172983-1

Is the consent of the data subject required: no

Description: Storage of user- and event data

Purpose: collection of data concerning the traffic of the website

Validity: 2020.11.30.

We request the visitors of our website to provide their personal data only if they use the ‘Contact/Online reservation’ function. Should you have any question concerning the data processing, you may turn to us with your inquiry via email (info@melisolutions.com). We will answer your question without delay, within 15 days (but, in any case, latest by 1 month) to your contact details.

b) E-Contact:

The data subject has given consent to the processing of his or her personal data for one specific purpose (Contact). You may fill out and submit the contact form through the website only after having read and understood this privacy statement. The data subjects shall provide their own personal data on the website. If the data source provides another person’s data, the consent of the actual data subject shall be acquired by the data source.

The purpose of the processing: Communication, provision of services

The legal basis of data processing: The voluntary consent of the data subject in knowledge of this privacy statement

The term of data processing: During the existence of the purpose of data processing, namely, for a term of maximum 30 days from the date of receipt by the Controller or until the Data Subjects requests the erasure of his/her data or withdraws his/her consent granted to the processing thereof.

Only natural persons of full legal capacity, over the age of 16 years are entitled to provide their data on the website. The statement of consent of minors over the age of 16 shall be considered valid without the permission or subsequent approval of their legal representative.

In the ‘Contact’ menu point on the website, the data subject may provide his/her data in order to receive information or to submit comments in connection with the services offered on the website or the activity of the controller (hereinafter referred to as Contact). In the course of using the Contact function, the following data shall be provided:

· name;

· company

· email;

· phone number;

· message.

Upon the termination of the purpose of data processing, after the expiry of the deadlines indicated at the individual data processing procedures or upon the request of the data subject, the personal data shall immediately be erased.

Persons authorized to have access to the personal data, data processing

The Controller shall be entitled to have access to the personal data in compliance with the prevailing laws and regulations. The processing of the data is performed by the Controller, without the involvement of a data processor. The Controller hereby reserves the right to involve data processors to the processing in the future, of which fact the Users shall be notified by the amendment of this Policy. In lack of explicit legal regulation on the contrary, the Controller will transfer personal data suitable to the identification of the data subject in the possession of the expressed consent of the data subject only.

As you provide us with your personal data on voluntary basis in the course of registration and communication with us, please, pay particular attention to the provision of true, correct and accurate data, for which you shall bear sole liability. The provision of incorrect, inaccurate or incomplete data may prevent the use of our services.

In case you provide another person’s data, we assume that you are properly authorised to do so. If the data source provides another person’s data, the consent of the actual data subject shall be acquired by the data source.

Users’ rights

You may withdraw the consent granted to data processing at any time

- by submitting a written request for the erasure of data,

- by withdrawing your consent given to data processing, or

- by withdrawing your consent given to the processing or to the use of any data the provision of which is obligatory in the course of submitting an inquiry, or by requesting the blocking of the same data.

Upon the request of the User, the Controller shall provide information:

- on the personal data processed by it,

- the source of personal data,

- the purpose of data processing,

- the legal basis of data processing,

- the duration in data processing,

- the name, address of the data processor and their operations relating to data processing,

- furthermore, in case of transfer of the data subject’s data, the legal basis and the recipient of data transfer.

Such information may be requested via email (info@melisolutions.com) or via post (To: Meli Business Solutions Limited, 80 Robinson Road, Block 2, 35/F, Unit D Mid-levels). In both cases, the data subject shall verify his/her identity and provide a mailing address. The Controller shall respond to the request for information within maximum 25 days from the receipt thereof.

The user may request the rectification of his/her personal data (by indicating the correct data), via email (info@melisolutions.com) or via post (To: Meli Business Solutions Limited, 80 Robinson Road, Block 2, 35/F, Unit D Mid-levels). In both cases, the data subject shall verify his/her identity and provide a mailing address. The Controller shall provide for the rectification of the concerned data in its records immediately and notify the data subject thereof in writing. In addition to the above, the User may request the erasure or blocking of his/her data (in full or in part) at any time, via email (info@melisolutions.com) or via post (To: Meli Business Solutions Limited, 80 Robinson Road, Block 2, 35/F, Unit D Mid-levels). Such request may be submitted by the User without reasoning, free of charge, by verifying his/her identity and providing a mailing address.

Following the receipt of the request for erasure, the Controller shall provide for the termination of data processing immediately, and erase the User from its records. Personal data shall be blocked instead of erased by the Controller if so requested by the User, or if there are reasonable grounds to believe that erasure could affect the legitimate interests of the User. Blocked data shall be processed only for the purpose which prevented their erasure and for the term of existence of such purpose.

Furthermore, the User may decide at any time on requesting the Controller to stop sending him/her newsletters. The User may withdraw his/her consent given to the receipt of Newsletters at any time, free of charge, without the need of reasoning and without restriction, by clicking on the unsubscribe button (located on the bottom of each newsletter) or by sending his/her request via email (info@melisolutions.com) or via post (To: Meli Business Solutions Limited, 80 Robinson Road, Block 2, 35/F, Unit D Mid-levels), indicating his/her personal data accurately. Following the receipt of the request for unsubscription, the Controller shall erase the User’s data immediately from the direct marketing database and shall stop sending newsletters to him/her.

If the withdrawal of the consent concerns the direct marketing-related data processing (the sending of Newsletters), the Controller shall erase the User’s data from its direct marketing register only, and the Controller shall remain entitled to process the User’s data for the purpose of provision of services through the Website. Each consent shall refer to one specific purpose only; hence, the registration to the Website and the subscription to newsletters shall qualify as two different purposes and, accordingly, two distinct and unconnectable databases shall be set up.

The User shall have the right to object to the processing of his/her personal data,

• if processing or disclosure is carried out solely for the purpose of discharging the Controller’s legal obligation or for enforcing the rights and legitimate interests of the Controller, the recipient or a third party, unless processing is mandatory;

• if personal data is used or disclosed for the purposes of direct marketing, public opinion polling or scientific research; and

• in all other cases prescribed by law.

In the event of objection, the Controller shall investigate the cause of objection within the shortest possible time inside a 15-day time period, adopt a decision as to merits and shall notify the data subject in writing of its decision. If the User disagrees with the Controller’s decision or if the Controller fails to meet the above deadline, the User may turn to the court within 30 days from receipt of the decision or the last day of said deadline.

In the case of using false personal data, or the commission of a crime or attack against our system by one of our Users, we will cancel the registration of the said User, whose data will be erased immediately, or, if that is required for the purpose and for the term of any civil law or criminal law proceedings, such data will be stored.

Links

The Controller undertakes no liability for the content, data- and information protection policies and practices of external websites available through links located on our Website. If the Controller becomes aware that either the linked website or the fact of linking itself violates third party’s rights or the prevailing laws and regulations, the link shall be removed immediately.

Security of personal data

The Controller undertakes liability for the security of the personal data and he shall take the technical and organisational measures, and develop operating rules to ensure that the recorded, stored and processed data are protected, and he shall prevent their destruction and unauthorised access or alteration. Furthermore, the Controller undertakes to warn each third party, to whom the personal data will be forwarded or transferred upon the consent of Users, to the compliance with the requirement of data security. The Controller shall provide for the prevention of unauthorised access to, unauthorised disclosure, transfer, amendment or erasure of personal data. The data processed may be accessed only by the Controller, the employees of the Controller and the data processors involved by the Controller in the data processing, furthermore, the Controller may not transfer such data to any third person who is not entitled to have access thereto.

The Controller shall use its best efforts to prevent any accidental loss or destruction of data. The employees of the Controller involved in the data processing shall be subject to the above obligations as well.

The User hereby acknowledges and accepts that despite of the most recent security tools and measures of the Controller aimed at the prevention of any unauthorised access to the personal data provided on our Website, due to the features of the Internet no entire security and protection of his/her data is possible to be ensured. If unauthorised access or use of data occurs despite of our efforts to prevent the same, the Controller shall have no liability for such access, unauthorised obtainment of data or for the damages suffered by the User on the grounds of the above circumstances. In addition to the above, the Users may also provide their data to third parties, who may use such data for illegal purposes or in an abusive way.

The Controller collects no sensitive data, namely personal data related to race, nationality, political opinion or party affiliation, religious or philosophical beliefs, membership of associations and organisations, or sexuality, health condition, bad habits or criminal records.

Legal remedies and enforcement

About the data processing you may

- request information,

- request the rectification, alteration, completion of the data processed by the Company,

- protest against the data processing and can request the erasure and blocking of your data (except the compulsory data processing),

- have the right to appeal to the court,

- file a complaint at the supervisory authority and can initiate legal proceedings (https://naih.hu/panaszuegyintezes-rendje.html).

Supervisory Authority: National Authority for Data Protection and Freedom of Information

- Registered office: H-1125 Budapest, Szilágyi Erzsébet fasor 22/c.

- Mailing address: H-1530 Budapest, Pf.: 5.

- Phone: +36 (1) 391-1400

- Fax: +36 (1) 391-1410

- Email: ugyfelszolgalat@naih.hu Website: https://naih.hu/

Upon your request, we provide information on the following (processed by ourselves or our assigned data processor):

- your data, processed by our Company or by the data processor engaged by us,

- the source of personal data,

- the purpose and plea of data processing,

- duration of it and if it is not possible the aspects of the determination of this period,

- about the name, address of our data processors and their operations relating to data processing,

- about the circumstances and effects of data protection incidents and about the termination and prevention of them, furthermore

- about the plea and addressee of data transmission in case of transmission of your personal data.

The information is free, except if you have already submitted a request related to the same data set in current year. We shall reimburse the cost in case we processed the data unlawfully or the request of information led to rectification. We may only refuse to provide information in statutory cases, indicating the relevant legislation, and information on the possibilities of judicial remedies and appeal to the Authority.

Our company, about the rectification, blocking, marking and erasure of personal data, shall inform you and those to whom previously transmitted the data for processing purposes, except if the lack of communication shall not harm your legitimate interests.

Should we not fulfil your request related to rectification, blocking or erasure within 25 days after the submission of the request in written form or - with your consent - electronically we shall communicate the reasons of our rejection and inform you about the possibilities of a judicial remedy and contacting the authorities.

If you object to the processing of your personal data, we examine your objection and inform you of our decision within 15 days from the submission of the request.

We may deny the fulfilment of your request if we demonstrate the existence of compelling legitimate ground for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. If you do not agree with our decision or we fail to meet the deadline, you may appeal initiate proceedings before the court within 30 days from receipt of decision or the last day of said deadline.

If in the User’s opinion, his/her right to protection of personal data was violated, he/she may seek for legal remedy with the competent bodies in line with the prevailing laws and regulations. The civil action concerning privacy falls within the jurisdiction of the tribunal and can be initiated – according to the choice of the data subject – at the court of his/her domicile or place of residence. Foreign nationals can submit a complaint at the supervisory authority of the place of residence.

With respect to electronically circulated advertisements the National Media and Infocommunication Authority shall have competence; the detailed regulation of this field in included in Act CXII of 2011 on Informational Self-Determination and Freedom of Information and in Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services.

The Controller shall use its best efforts to observe the prevailing laws and regulations in the course of data processing; however, if the User considers that an infringement was committed by the Controller, he/she may turn to us via email (info@melisolutions.com) or via post (To: Meli Business Solutions Limited, 80 Robinson Road, Block 2, 35/F, Unit D Mid-levels). We kindly ask you to turn to our Company before submitting a complain at the supervisory authority or turning to court in order to align and resolve the issue raised as soon as possible.

The prevailing laws and regulations

- Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data

- Act CXII of 2011 on Informational Self-Determination and the Freedom of Information - (Info tv.)

- Act V of 2013 on the Civil Code (Ptk.)

- Act CVIII of 2001 on Electronic Commercial Services and Certain Legal Aspects of the Information Society Services - (Eker tv.)

- Act C of 2003 on Electronic Communications - (Ehtv)

- Act CLV of 1997 on Consumer Protection (Fogyv tv.)

- Act CLXV of 2013 on Complaints and Public Interest Disclosures. (Pktv.)

- Act XLVIII of 2008 on Essential Conditions of and Certain Limitations to Business Advertising Activity (Grtv.)

Our Company reserves the right to modify this Policy, of which the data subjects shall be notified in an appropriate manner and format. Publication of information on data processing can be found on www.melisolutions.com.

Budapest, 30 November 2018

Meli Business Solutions Limited

Data Controller