Skip to content
Menu
Menu

Privacy Policy

Mobilbox Self-Storage Ltd. (hereinafter: Data Controller), as the operator of the website available under the domain name https://mboxstorage.hu/ (hereinafter: Website), hereby publishes information on data processing carried out within the framework of the services available on the Website.

By providing their personal data, users visiting the Website (hereinafter: Users) accept all the conditions set forth in this Privacy Policy (hereinafter: Policy), therefore, we kindly ask you to carefully read this Policy before using the Website.

Data of the Data Controller

  • Registered office: 1097 Budapest, Kén u. 6.
  • Represented by: Sergiy Ponomarov
  • Email address: info@mboxstorage.hu
  • Phone number: +36-30-082-2777

Scope of Processed Data

During Quotation Request on the Website

During the quotation request on the Website, Users have the opportunity to provide their data on the interface provided for quotation requests so that the Data Controller can fulfill their quotation request. The following personal data can be provided during the quotation request (data marked with * are mandatory):

  • Full name*
  • Email address
  • Phone number*
  • Address (postcode, city)
  • Information related to the quotation request

Newsletter Subscription

On the Website, Users have the opportunity to subscribe to the newsletter (hereinafter: Newsletter) of the Data Controller only through a designated interface. The following personal data must be provided for subscribing to the Newsletter (data marked with * are mandatory):

  • Full name*
  • Email address*

Only persons who have reached the age of 18 are entitled to provide data on the Website.

Purpose and Duration of Data Processing

The Data Controller uses the data for the following purposes:

  • During Quotation Request on the Website: The purpose of data processing is to provide the services of the Website, thus fulfilling the quotation request, and maintaining contact with Users regarding the quotation request.
  • In Case of Subscribing to the Newsletter: Sending electronic newsletters, advertising messages about offers, services, news, and competitions related to the Data Controller to the email address provided by the User.

The Data Controller processes personal data for the duration of the existence of the purpose of data processing, thus in the case of a quotation request, for a maximum of 30 days from the fulfillment of the quotation request, or until the User requests the deletion of their data or withdraws their consent to the processing of personal data for sending Newsletters. Personal data will be deleted immediately upon the cessation of the purpose of data processing, after the deadline specified in this section, or at the request of the User.

Legal Basis for the Processing of Personal Data

During the quotation request or subscribing to the Newsletter, Users consent to the Data Controller processing their personal data as described in this Policy. The processing of personal data is based on the voluntary consent of the User informed by this Policy.

Users may only provide their own personal data on the Website. If they do not provide their own personal data, it is the obligation of the data provider to obtain the consent of the person concerned.

Circle of Persons Entitled to Know Personal Data, Data Processing

The Data Controller and the data processors employed by it are entitled to know the personal data in accordance with applicable laws.

The processing of data is carried out by the following data processor acting on behalf of the Data Controller:

  • Hosting provider: IT-SENSE Ltd. 9400 Sopron, Cseresznye sor 29. +36 99 524 524
  • Website editor: webformance Ltd. 1097 Budapest, Óbester u. 13. info@webformance.hu

The Data Controller reserves the right to involve further data processors in the data processing in the future, about which it informs Users by amending this Policy.

In the absence of express legal provisions, the Data Controller may only transfer data suitable for personal identification to third parties with the express consent of the User.

User Rights

Access to Personal Data

Upon request of the User, the Data Controller provides information on whether it processes personal data, and if so, grants access to the personal data and informs the User about the following information:

  • Purpose(s) of data processing
  • Types of personal data processed
  • Legal basis and recipients of data transfer in case of transfer of personal data of the User
  • Planned duration of data processing
  • Rights of the User regarding the correction, deletion, and restriction of processing of personal data, as well as objections to the processing of personal data
  • Possibility to appeal to the Authority
  • Source of data
  • Essential information about profiling
  • Name, address, and activities related to data processing of data processors

The Data Controller provides the User with a copy of the personal data subject to data processing free of charge. For additional copies requested by the User, the Data Controller may charge a reasonable fee based on administrative costs. If the User has submitted the request electronically, the information must be provided in a widely used electronic format, unless requested otherwise by the data subject.

The data controller shall, without undue delay and at the latest within one month from the receipt of the request, provide the information requested by the User in an intelligible form. The User may submit the request for access to the contact details specified in point 1.

Correction of Processed Data

The User may request the data controller (at the contact details specified in point 1) to correct inaccurate personal data or to complete incomplete data, taking into account the purpose of data processing. The data controller shall make the correction without undue delay.

Deletion of Processed Data (Right to be Forgotten), Blocking

The User may request the data controller to delete the personal data concerning him/her without undue delay, and the data controller shall be obliged to delete the personal data concerning the data subject without undue delay if one of the following reasons applies:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed
  • The User withdraws his/her consent and there is no other legal basis for data processing
  • The User objects to the processing of his/her personal data
  • The processing of personal data has been unlawful
  • The personal data must be erased to comply with a legal obligation under Union or Member State law to which the data controller is subject
  • The personal data have been collected in relation to the offer of information society services referred to in point 1

If the data controller has made the personal data public (made them available to third parties), and is obliged to delete them based on the above, taking into account the available technology and the cost of implementation, it must take reasonable steps, including technical measures, to inform the data controllers processing the personal data that the User has requested the deletion of any links to, or copies or replications of, those personal data.

Personal data need not be deleted in the following cases:

  • For exercising the right of freedom of expression and information
  • For compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • For reasons of public interest in the area of public health
  • For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, insofar as the erasure of data is likely to render impossible or seriously impair the achievement of the objectives of that processing
  • For the establishment, exercise or defence of legal claims

Restriction of Data Processing

The User has the right to request the data controller to restrict data processing instead of correcting or deleting personal data if one of the following applies:

  • The User disputes the accuracy of the personal data, in which case the restriction applies for the period allowing the controller to verify the accuracy of the personal data
  • The processing is unlawful, and the User opposes the erasure of the data and requests the restriction of their use instead
  • The data controller no longer needs the personal data for the purposes of the processing, but the User requires them for the establishment, exercise or defence of legal claims
  • The User has objected to processing, in which case the restriction applies for the period until it is verified whether the legitimate grounds of the controller override those of the User

If processing is restricted, such personal data, with the exception of storage, may only be processed with the User’s consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.

The data controller informs the User whose processing has been restricted in advance of the lifting of the restriction on processing.

The Obligation to Provide Information Related to the Correction or Deletion of Personal Data, or the Restriction of Data Processing

The data controller shall inform all recipients of personal data of any correction, deletion, or restriction of processing unless this proves impossible or involves disproportionate effort. At the User’s request, the data controller shall inform these recipients.

Right to Object

The User may object to the processing of his/her personal data if the processing is:

  • Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller
  • Necessary for the purposes of the legitimate interests pursued by the data controller or by a third party
  • Based on profiling

In case of objection by the User, the data controller may not further process the personal data unless it demonstrates compelling legitimate grounds for the processing that override the interests, rights and freedoms of the User, or for the establishment, exercise or defence of legal claims.

If personal data are processed for direct marketing purposes, including profiling related to such direct marketing, the User shall have the right to object at any time to the processing of personal data concerning him/her for such marketing, including profiling, to the extent that it is related to such direct marketing. If the User objects to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for such purposes.

Actions of the Data Controller in Connection with the User’s Request

The data controller shall inform the User without undue delay, but at the latest within one month from the receipt of the request, of the actions taken in response to the request for access, correction, deletion, restriction, objection, or data portability. Where necessary, taking into account the complexity and number of requests, this period may be extended by two further months. The data controller shall inform the User of any such extension within one month of receipt of the request, stating the reasons for the delay. If the User has submitted the request electronically, the information shall, as far as possible, be provided electronically unless otherwise requested by the User.

If the data controller does not take action on the User’s request, the data controller shall inform the User without undue delay, but at the latest within one month of receipt of the request, of the reasons for not taking action and of the possibility of lodging a complaint with a supervisory authority and seeking judicial remedy.

Upon the User’s request, information, notification, and actions taken based on their request must be provided free of charge. If the User’s request is clearly unfounded or excessive, particularly due to its repetitive nature, the Data Controller may charge a reasonable fee or refuse to take action based on the request, taking into account the administrative costs associated with providing the requested information or notification. The burden of proving that the request is clearly unfounded or excessive lies with the Data Controller.

Data Security

The Data Controller commits to ensuring the security of data, taking technical and organizational measures, and establishing procedural rules to ensure that collected, stored, and processed data are protected, preventing their destruction, unauthorized use, and unauthorized alteration. It also commits to notifying any third parties to whom the data is transmitted or disclosed based on the Users’ consent to comply with data security requirements.

The Data Controller ensures that unauthorized persons cannot access, disclose, transmit, modify, or delete the processed data. The processed data can only be accessed by the Data Controller, its employees, or the Data Processor it engages. It does not transfer the data to third parties who do not have the right to access the data.

The Data Controller takes all reasonable measures to prevent data from being accidentally damaged or destroyed. It imposes this commitment on its employees involved in data processing activities.

The User acknowledges and accepts that, despite the Data Controller having modern security tools to prevent unauthorized access to or disclosure of data, the protection of data cannot be guaranteed entirely on the Internet. In the event of unauthorized access or disclosure despite our efforts, the Data Controller is not responsible for such data acquisition or unauthorized access or any damage caused to the User for these reasons. Additionally, the User may provide personal data to third parties who may unlawfully use it.

Handling and Reporting Data Protection Incidents

Any event related to the unlawful processing or handling of personal data managed, transmitted, stored, or processed by the Data Controller, resulting in unauthorized or accidental access, alteration, disclosure, deletion, loss, or destruction, as well as accidental destruction and damage, shall be considered a data protection incident.

The Data Controller is obliged to report the data protection incident to the National Authority for Data Protection and Freedom of Information (NAIH) without undue delay, but no later than 72 hours after becoming aware of the data protection incident, unless the Data Controller can demonstrate that the data protection incident is unlikely to result in a risk to the rights and freedoms of natural persons. If the report cannot be made within 72 hours, the reason for the delay must be indicated, and the required information may be provided in detail without further undue delay. The report to the NAIH shall include at least the following information:

  • The nature of the data protection incident, the number, and categories of data subjects and personal data involved
  • The name and contact details of the Data Controller
  • The likely consequences of the data protection incident
  • The measures taken or planned to be taken to address, mitigate, or remedy the data protection incident

If the data protection incident is likely to result in a high risk, the Data Controller shall inform the data subjects about the data protection incident within 72 hours of becoming aware of it, through the Data Controller’s website. The notification must include at least the information specified in this section.

The Data Controller keeps records of data protection incidents for the purpose of monitoring measures related to data protection incidents and informing data subjects. The record includes the following data:

  • The scope of personal data concerned
  • The scope and number of data subjects
  • The time of the data protection incident
  • The circumstances and effects of the data protection incident
  • Measures taken to remedy the data protection incident

The Data Controller shall retain the data recorded in the register for 5 years from the detection of the data protection incident.

Enforcement Options

The Data Controller makes every effort to ensure that the processing of personal data complies with the law. However, if the User feels that this has not been the case, they may write to the contact details specified in section 1.

If the User feels that their right to the protection of personal data has been violated, they may seek redress from the competent authorities in accordance with the applicable laws:

Other Provisions

This Information Notice is governed by Hungarian law, in particular the provisions of Act CXII of 2011 on informational self-determination and freedom of information, as well as Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Budapest, May 15, 2024

Data Controller