Data Protection Notice
This document provides information on the processing of personal data related to the viko.hu website (“Website”) by VIKO Networks Kft., as data controller (“Data Controller”).
- Purpose of this document
During the operation of the Website, the Data Controller processes the personal data of visitors to the Website (“Data Subject” or “User”) in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”) and Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (“Info Act”). The Data Controller hereby informs Data Subjects about the data processing activities associated with the use of the Website.
The Data Controller reserves the right to unilaterally modify this document at any time. The modified data protection notice shall be effective from the date of its publication. - The Data Controller
VIKO Networks Kft.
Registered office and postal address: Árpád Fejedelem utca 18., 2142, Nagytarcsa, Hungary.
E-mail address: info@viko.hu
Company registration number: 13-09-231839
Tax number: 32469354-2-13
Represented by: Viktor Széchenyi
Hereinafter: “Data Controller”
- Data processing activities during the use of the Website
I. Contact via e-mail (info@viko.hu) or through online social media platforms (Facebook, TikTok, Google)
Purpose of data processing: To respond to the User’s inquiry and to the matters described during contact; in the case of using social and other online platforms, to facilitate user registration by integrating the authentication system of an external service provider
Legal basis for data processing: The User’s voluntary, informed prior consent (GDPR Article 6(1)(a))
Scope of data processed: E-mail address, other personal data provided by the User (typically name), or user identification data required for login via an external service provider (Facebook, TikTok, or Google)
Data retention period: The Data Controller retains the e-mail(s) and data forms for a maximum of 6 months from the date of contact / the last communication with the User.
Authorized access: Authorized employees and contractors of the Data Controller whose responsibilities include communication and responding to inquiries.
II. Appointment booking for consultation
Purpose of data processing: To enable the User to book an appointment for consultation and to confirm the booking via e-mail
Legal basis for data processing: The User’s voluntary, informed prior consent (GDPR Article 6(1)(a))
Scope of data processed: Name, e-mail address, telephone number
Data retention period: The Data Controller retains the e-mail(s) for a maximum of 6 months from the date of contact / the date of the last booked consultation
Authorized access: Authorized employees and contractors of the Data Controller whose responsibilities include communication and responding to inquiries.
III. Subscription (to newsletters and DM communications on digital marketing, SEO, online advertising, and content creation)
Pursuant to Section 6 of Act XLVIII of 2008 on the Basic Requirements and Certain Limitations of Commercial Advertising Activities, the Data Subject may give prior and express consent for the Data Controller to contact them with advertising offers and other communications at the contact details provided during registration. The Data Controller does not send unsolicited advertising messages, and the Data Subject may unsubscribe from receiving offers without restriction. In this case, the Data Controller deletes all personal data necessary for sending advertising messages from its records and does not contact the Data Subject with further advertising offers. The Data Subject may unsubscribe from advertisements by clicking the link in the message.
Purpose of data processing: To send electronic newsletters, informational and marketing e-mails and SMS messages to the User.
Legal basis for data processing: The Data Subject’s voluntary, informed prior consent (GDPR Article 6(1)(a)) and Section 6(5) of the Advertising Act
Scope of data processed: Name, e-mail address, telephone number
Data retention period: The Data Controller processes the data until the Data Subject unsubscribes (withdraws consent).
Authorized access: Authorized employees and contractors of the Data Controller whose responsibilities include marketing and sales activities.
IV. Invoicing
Purpose of data processing: Issuing invoices, preparing and maintaining accounting records in accordance with legal requirements
Legal basis for data processing: Compliance with a legal obligation under Article 6(1)(c) of the Regulation. (Accounting Act Section 169(2))
Scope of data processed: Name of the Data Subject/company, billing address, company tax number, bank account number in case of bank transfer
Data retention period: The Data Controller is required to retain payment and invoicing data for 8 years.
Authorized access: Authorized employees of the Data Controller whose responsibilities include financial and invoicing tasks, and the data is forwarded to the accountant.
- Data processors, independent data controllers
During the operation of the Website, the Data Controller uses the following data processors and independent data controllers:
Online contracting – PandaDoc document creator
Name: PandaDoc Inc.
Registered office: 3739 Balboa St #1083, San Francisco, CA 94121, United States
Contact: legal@pandadoc.com
https://privacyportal.onetrust.com/webform/68a57c74-9312-47e6-858f-68e403ff26c9/8d7ba1f2-cd85-4b02-8bcb-76a22d869123
Data protection notice: https://www.pandadoc.com/privacy-notice/
Invoicing – Billingo invoicing software
Name: Billingo Technologies Zártkörűen Működő Részvénytársaság
Registered office: 1133 Budapest, Árbóc utca 6. I. emelet
Representative: Albert Sárospataki, CEO
E-mail: hello@billingo.hu
Data Protection Officer: dr. Zalán Gyetvai, attorney-at-law
Contact: 1011 Budapest, Fő utca 41. 3/2.
Data protection notice: https://www.billingo.hu/adatkezelesi-tajekoztato
Newsletter delivery – MailerLite newsletter system
Name: MailerLite Limited
Registered office: 38 Mount Street Upper, Dublin 2, D02 PR89, Ireland
Contact: https://www.mailerlite.com/contact-us?category=legal
Data protection notice: https://www.mailerlite.com/legal/privacy-policy
Data processing activity: Sending newsletters and DM messages
- Links
Please note that the Website contains links that lead to other websites (Google, Facebook, TikTok). The use of such external websites is governed by the privacy policy and notice of the respective website, and following a click on an external link or the appropriate button, the Data Controller is unable to influence the collection, storage, or processing of personal data. - Data security
The Data Controller respects the requirements for the security of personal data, and both the Data Controller and authorized data processors take all technical and organizational measures and establish procedural rules necessary to enforce the provisions of the Info Act and the GDPR regarding confidentiality and data security.
The Data Controller protects the data it processes with appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction or damage. - Rights of Data Subjects and enforcement of rights
The personal data provided by the Data Subject to the Data Controller must be true, complete, and accurate in all respects.
The Data Subject may request information about the processing of their personal data, and may request the rectification or – except in cases of mandatory data processing – deletion or withdrawal of their personal data, and may exercise their right to data portability and objection in the manner indicated at the time of data collection or via the Data Controller’s contact details above.
The right to information may be exercised in writing through the contact details specified in this notice.
The Data Subject’s right of access: The Data Subject has the right to obtain from the Data Controller confirmation as to whether personal data concerning them are being processed, and to have access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; the envisaged period for which the personal data will be stored; the right to request rectification, erasure, or restriction of processing and to object; the right to lodge a complaint with a supervisory authority; information about the data sources; the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject
The Data Controller shall provide a copy of the personal data undergoing processing to the Data Subject. For any further copies requested by the Data Subject, the Data Controller may charge a reasonable fee based on administrative costs. Where the Data Subject makes the request electronically, the information shall be provided by the Data Controller in electronic form. The Data Controller shall provide the information within a maximum of one month from receipt of the request.
Right to rectification: The Data Subject may request the rectification of inaccurate personal data concerning them processed by the Data Controller and the completion of incomplete data.
Right to erasure: The Data Subject has the right to obtain from the Data Controller the erasure of personal data concerning them without undue delay where one of the following grounds applies:
– the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
– the Data Subject withdraws consent on which the processing is based, and there is no other legal ground for the processing;
– the Data Subject objects to the processing and there are no overriding legitimate grounds for the processing;
– the personal data have been unlawfully processed;
– the personal data must be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject;
– the personal data have been collected in relation to the offer of information society services
Erasure of data may not be requested if the processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which the Data Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller; for reasons of public interest in the area of public health, or for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; or for the establishment, exercise, or defense of legal claims.
Right to restriction of processing: The Data Controller shall restrict processing at the request of the Data Subject if one of the following applies:
– the Data Subject contests the accuracy of the personal data, for a period enabling the Data Controller to verify the accuracy of the personal data;
– the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
– the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise, or defense of legal claims; or
– the Data Subject has objected to processing; this applies for the period pending the verification whether the legitimate grounds of the Data Controller override those of the Data Subject. Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the Data Subject’s consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. The Data Controller shall inform the Data Subject before the restriction of processing is lifted. Right to data portability: The Data Subject has the right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another data controller.
Right to object: The Data Subject has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller, or for the purposes of the legitimate interests pursued by the Data Controller or by a third party, including profiling based on those provisions. Where the Data Subject objects, the Data Controller shall no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise, or defense of legal claims. Where personal data are processed for direct marketing purposes, the Data Subject has the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the Data Subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Automated individual decision-making, including profiling: The Data Subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
The above right does not apply if the processing
– is necessary for entering into, or performance of, a contract between the Data Subject and the Data Controller;
– is authorized by Union or Member State law to which the Data Controller is subject and which also lays down suitable measures to safeguard the Data Subject’s rights and freedoms and legitimate interests; or
– is based on the Data Subject’s explicit consent.
Right to withdraw consent: The Data Subject has the right to withdraw their consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
The Data Controller shall inform the Data Subject without undue delay and in any event within one month of receipt of the request of the action taken pursuant to a request under Articles 15 to 22 of the GDPR. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.
The Data Controller shall inform the Data Subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the Data Subject makes the request electronically, the information shall be provided electronically where possible, unless otherwise requested by the Data Subject.
If the Data Controller does not take action on the request of the Data Subject, the Data Controller shall inform the Data Subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
The Data Controller shall provide information and communication free of charge. Where requests from a Data Subject are manifestly unfounded or excessive, in particular because of their repetitive character, the Data Controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or refuse to act on the request.
The Data Controller shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The Data Controller shall inform the Data Subject about those recipients if the Data Subject requests it.
Remedies:
Contacting the Data Controller
If you believe that the Data Controller has violated your rights in the processing of personal data, please contact the Data Controller at info@viko.hu.
Right to lodge a complaint with a supervisory authority
The Data Subject may lodge a complaint with the National Authority for Data Protection and Freedom of Information regarding the processing of their personal data (Postal address: 1363 Budapest, Pf. 9., Address: 1055 Budapest, Falk Miksa utca 9-11, Telephone: +36 (1) 391-1400, E-mail: ugyfelszolgalat@naih.hu.)
Right to a judicial remedy:
In the event of a violation during the processing of your personal data, you may also turn to the courts. The case falls within the jurisdiction of the regional court. The action may also be brought before the regional court of the Data Subject’s place of residence or habitual residence, at the Data Subject’s choice. The contact details of the regional courts can be found at the following link: https://birosag.hu/torvenyszekek.
Budapest, 01.03.2026