Data Protection Statement of Yettel Hungary

This statement was last updated on: 25 May 2018

Data protection is very important to us, and we wish to be transparent about how we collect and use your personal data. Please read this statement thoroughly and contact us if you have any questions or queries.

This statement contains information on your rights related to your personal data, and lets you know the principles that Yettel Hungary follows in the course of processing your personal data. The document below contains the general conditions of personal data processing; as such, it is applicable to the use of all of the services, products and websites of Yettel Hungary, including any products or services provided together with our partners. In addition, depending on the product or service concerned, other special conditions may be applicable as well. Please read these terms and conditions carefully, as both the statement and the special conditions contain obligations that you must meet, if you choose to use our services. Special conditions shall apply where there is a contradiction between the general conditions set out in this document and such special conditions.

1.  The data processing principles of Yettel Hungary


Yettel Magyarország Zrt. (Yettel Hungary Ltd., hereinafter: Yettel Hungary or Yettel) is a business association with its registered address at H-2045 Törökbálint, Pannon út 1, registered by the Pest County Court as Court of Registration under company registration number 13-10-040409. 

Our objective is to comply with the applicable requirements in the course of our data processing, and to ensure that all of our customers are able to rest assured when it comes to entrusting us with their personal data. To this end, the following fundamental data protection principles are applied:

  1. Your personal data will be processed in accordance with the provisions of this statement and the applicable laws.
  2. We will do everything that can be reasonably expected in order to make the processing of your personal data transparent, and we are at your service if any questions arise.
  3. Personal data are only processed for specified, explicit and legitimate purposes, and only in the manner and for the duration needed for these purposes. We take every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay. We also ensure the appropriate storage of personal data, as well as the observance of the principle of data minimisation in the course of our data processing activities. 
  4. Your personal data are protected through appropriate security measures, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
  5. Our products and services are developed with data protection aspects in mind. This means that the protection and appropriate processing of your data is a key priority for us, and that we endeavour to do everything in our power to make sure that the products and services we develop come with appropriate built-in data protection safeguards, and that any special considerations are already assessed during the planning phase in order to make sure that we provide you with the best possible service.

Back to table of contents

2.  Legal background of the processing of personal data


While processing your personal data, we act in accordance with the above data protection principles and the applicable laws.

{(a)    Act C of 2003 on Electronic Communications (Electronic Communications Act);
(b)    Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Privacy Act);
(c)    Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society-Related Services (E-commerce Act);
(d)    Act XLVIII of 2008 on the Essential Conditions of and Certain Limitations on Business Advertising (Advertising Act);
(e)    Act CLXV of 2013 on Complaints and Public Interest Disclosures;
(f)    Decree No. 2/2015 (III. 30) of the National Media and Infocommunications Authority on the detailed rules of subscription contracts in the field of electronic communications (Subscription Agreement Decree);
(g)    Decree No. 4/2012 (I. 24.) of the National Media and Infocommunications Authority on the confidentiality and data protection obligations related to public electronic communications services, on the special conditions of data processing and confidentiality, on the security and integrity of networks and services, on the management of traffic and invoice data and the rules of calling line identification and call forwarding (NMIA Decree 4/2012);
(h)    Commission Regulation (EU) No 611/2013 of 24 June 2013 on the measures applicable to the notification of personal data breaches under Directive 2002/58/EC of the European Parliament and of the Council (Electronic Communications Directive) on privacy and electronic communications (Regulation 611/2013/EU);
(i)    Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation (hereinafter: GDPR)).
t}

Back to table of contents

3.  Everyday data processing


The type of personal data collected and the method used to collect the personal data depends on the purpose of the data collection, which, in turn, is in line with the products and services used by you. In general, we collect and use your personal data, if:

  • the data are required to provide the product or service used by you and/or for the conclusion or performance of the contract concluded with you, 
  • the data are indispensable for handling your complaints or comments that may arise;
  • we are required by law to collect and process the data;
  • the data are necessary in order to improve your user experience;
  • the data are required to ensure appropriate product and service quality, or to improve that quality; or
  • You have consented to the collection and use of your data for a particular purpose, such as participating in a prize competition.

We can collect data about you from other sources as well.

The type of personal data we collect and the method we use to collect the data also depends on whether you are already a subscriber to one of our services, or if, for example, you are only browsing through our offers on our website.

If you are using one of our electronic communication services as a subscriber, you can find detailed information on data protection in Annex 2 to the General Terms and Conditions (available only in Hungarian) [ (“The processing of Subscribers’ and users’ personal data at Yettel Hungary Ltd.” (Data Processing Information) (available only in Hungarian here).
Yettel operates a Compliance function to support the implementation of the Yettel’s Code of Ethics, internal policies and relevant legislations and other compliance related issues. This also covers the translation of ethics and compliance principles into day-to-day activities, answering and managing ethical and compliance questions and dilemmas, monitoring employees´ compliance and investigation of potential breaches.
Any person may raise a concern or report a potential breach to Yettel Hungary Compliance through sending an email to compliance@Yettel.hu. All reports are handled confidentially and nobody reporting such cases to us in good faith may suffer any disadvantage due to the reporting.
If you are using one of our mobile applications, the Privacy Notice provided at the time of downloading the application will be applicable to the processing of your personal data with regard to the use of the mobile application. The Privacy Notice can also be accessed subsequently from our application and at the following link.

If you are browsing through our websites or are using a service available on one of our websites, in addition to this information document you can find additional information on data protection in the document entitled “Legal disclaimer and terms of service”. More information about the cookies and the management thereof is available on our website at a pop-up window for consent management window where you can also do the settings which cookies you agree with.Additional conditions and provisions may be applicable to certain services available on our websites; additional information on these may be found on the associated websites where the given service or product is offered.
Yettel operates a compliance hotline that you can use to report breaches of laws, Yettel’s Code of Ethics or Yettel’s internal regulations. If you report an incident, your personal data will be subject to processing. You can find detailed information on the reporting process and processing personal data in the document entitled “Notice on compliance reports”. 
If you are using one of our mobile applications, the Privacy Notice provided at the time of downloading the application will be applicable to the processing of your personal data with regard to the use of the mobile application. The Privacy Notice can also be accessed subsequently from our application, or through the following link.

Yettel Hungary processes your personal data based on different legal bases during each data processing activity. Subscribers can find detailed information on the various data processing activities in the Privacy Notice. The legal bases used in the case of web-based products and applications are detailed in the relevant notices. 

The possible legal basis for our data processing activities, in general, are the following: 

  • consent, if you have given consent to the processing of your personal data for one or more specific purposes;
  • the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract;
  • compliance with a legal obligation to which Yettel is subject;
  • processing is necessary in order to protect your or another natural person’s vital interests;
  • processing is necessary for the purposes of the legitimate interests pursued by Yettel or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data.

Information is always provided on the legal basis of data processing for a given data processing purpose in the privacy notice applicable to the data processing at hand. 

Back to table of contents

4.  The various data processing activities at Yettel


The purpose of the data processing conducted on our websites and other digital platforms is to ensure that we are able to provide you with the best possible quality of digital experience. The data processing may be linked to the use or purchase of services and products, which requires that we identify you. Improving the online user experience is achieved by applying a variety of digital technologies; these allow us to provide you with personalised offers or products and services that are relevant to you on our website or mobile application. In addition, if you are also using our services as a subscriber, your data is also being processed during the use of the given service or product, as follows:

The detailed privacy notices relevant to Yettel’s various data processing activities are available through the following link.

4.1.  Information required for the provision of services

The personal data provided by you (e.g. name, address, other data that can be used for identification purposes; contact information, e.g. email address), and the data that we collect about you (e.g. product usage data, network use data) are used in connection with the services used by you. Act C of 2003 on Electronic Communications (Electronic Communications Act), under Chapter XVII Data Handling Regulations, stipulates that the service provider may handle the personal data as necessary and sufficient for the identification of the user or subscriber with a view to concluding an electronic communications service contract, specifying its content, amending it, monitoring its performance, billing the fees originating from it and enforcing the related claims; more information on what is necessary and sufficient personal data to identify the subscriber is contained in the Privacy Notice.

4.1.1 In order to be able to provide our services to you, such as any of our tariff packages, the Yettel Wallet or MyTv services, etc., we require certain personal data.
These include:
(a)    your name, telephone number, email address, postal address, date of birth and other data that you provide when registering for our services or concluding a contract with us;
(b)    information related to payment, such as bank card data or other banking and payment data, that you also provide while concluding the contract.
These data are typically collected in the following cases:
(a)    when you register for one of our products or services,
(b)    when you purchase or use one of our products or services;
(c)    or when you subscribe to our newsletters or promotions pertaining to our products or services; or
(d)    when you request information or have questions or feedback regarding one of our products or services or our website.
These data are typically used
•    to provide the given service or product;
•    to process data related to your contract;
•    to conduct credit-rating checks,
•    to meet payment terms; and
•    to communicate with you
•    to complete or to manage information requests or inquiry as regards our product, service or website.

4.1.2 Other data also need to be processed in order to be able to provide our services:

We can collect other data on you while you are using our products, services or web pages. These data may include:
(a)    data related to your contract (for example, the end date of your loyalty period) and data related to your communication with us (e.g., your queries addressed to our customer service, your feedback and data related to your compliance with payment terms and invoicing dates);
(b)    product use data, such as the date you last used an application, how long you spent using a certain application, or how much you spent on a given product or service;
(c)    network data, including the data on mobile calls and short text messages (e.g. the dates of the calls and short text messages originated or received by you (but not their content), or the duration of the calls originated or received on our network);
(d)    positioning data (not recorded as a geographical address, but as cell data), when:
(i)    you use our telecommunications services, such as placing a call or sending a short text message, or use our broadband services;
(ii)    an emergency call is placed (during such an occurrence, the party receiving the emergency call must be provided with the subscriber’s location data);
(iii)    it is essential for investigating customer complaints;
(iv)    you use one of our location-based services, if you subscribe to such a Yettel service; or when
(v)    you register for certain location-based promotional activities.
(e)    The technical and analytical data generated during your use of different online services, for example, when you visit one of our websites and/or use one of our online services (browsing, online purchases, online service manipulation, chat, email, downloads, software updates, video streaming, etc.). A part of these data is stored as cookies and cannot necessarily be used to identify you personally, but it makes it possible for us to improve the quality of our services and to provide our clients with personalised solutions. The technical data we collect may include:
(i)    data relevant to your device, such as the serial number, type and version of your mobile device;
(ii)    network identifiers, i.e., IP addresses and port numbers;
(iii)    operating system, browser types, and their version numbers;
(iv)    type and category of service available online, such as browsing, social media/Facebook, etc.); 
(v)    time, location and mode of your use of the service and the log data;analytical data on your visit to our website and your use of our mobile application, including on where you navigated to our page from, which pages you visited on our website, which of our services and products you viewed and searched for, as well as the duration of your visit and your interactions with us. 
Yettel does not process the content of the services available online (e.g. the content of chat conversations, articles, voice calls, emails, images, videos, list of downloaded files, etc.) or user names and passwords, results of online search engines, and GPS accurate actual or historical location data (only cell codes), thereby guaranteeing the protection of your privacy, and the enforcement of the data processing principle of data minimisation.
We usually use the data to:
•    meet other obligations related to the provision of the service (for example, troubleshooting tasks or data provision requests related to network quality), or 
•    ensure that we are able to bill the fees payable for the services and products provided, and if necessary to collect any outstanding receivables;
•    use the recorded communication data for quality assurance purposes, to handle feedback, and to ensure the availability of customer service activities; 
•    improve the customer experience (e.g. for the purposes of network management and network optimisation);
•    develop our services by making sure we understand your behaviour and preferences;
•    analyse the use of our networks and services, in order to be able to identify general trends, and to create new services for our customers;
You have the right to object to the data processing by contacting us using the contact information provided, and if the data processing is based on consent, you also have the right to withdraw your consent, with the proviso that withdrawing your consent will not affect the legality of the data processing conducted on the basis of your previous consent. 

4.1.3 We also need certain personal data to be able to ensure such third party services for you whereby we proceed as re-sellers. 

Yettel Hungary may also sell third party products or service as re-seller (hereinafter referred to as ’service’ as regards this paragraph).  These are the high-way ticket purchase, parking, gambling etc services applied via SMS within the frame of the so-called mobile purchasing.  The consideration of such service provided by a third party shall be charged to the burden of the balance of the subscriber by the Yettel Hungary. Thereupon, such transactions and the consideration thereof is included in the invoices and annexes thereto issued by Yettel Hungary that shall be kept for 8 years for the compliance with legal obligations of Yettel Hungary (act C of 2000 on Accounting) (see paragraph 7 here below as well). We keep the service related data for a period of 1 year upon the termination of the contract concluded with You (implementation of the transaction) for the conclusion and performance of the contract, except for the case, if the limitation period of any contractual claim or legal consequence may be longer, including the suspension or interruption of such limitation period.
If you make a consumer complaint with regard to the above services, we are obliged to keep and to represent upon a request by supervising authority the complaint, the data contained therein, and data provided by you in the course of the complaint handling, a copy of the minutes of the complaint and the response provided thereon for a period of 5 years based on paragraph 17/A (7) of the Act CLV of 1997 on Consumer Protection. We keep the consumer complaint related voice recordings for 2 years upon paragraph I.7 of Annex No. 2 (Privacy Notice) of the Yettel Hungary’s General Terms and Conditions 
In case you use such service, Yettel Hungary and the service provider manage your personal data (for example: mobile phone number) and other information you provided (for example: plate number) or certain data from the service related circumstances (for example. date of purchase) as independent data controllers.
Details are available only in Hungarian here.
You find hereby below the details of data processings made by Yettel Hungary, specifying the recipient of the data transmission and contact details thereof:

High-way ticket purchase via SMS:

  • Categories of processed data: mobile phone number, plate number, nationality and category of vehicle, data of the purchased vignette (type, validity period),
  • Source of data: the data subject (person using the service, ie. subscriber)
  • Legal basis of data processing: implementation of measures requested by the data subject before the conclusion of the contract and / or performance of the contract, including the invoicing of contractual fees, any claim or right enforcement and the compliant management as well.
  • Adressee of the data transmission: Nemzeti Mobilfizetési Zrt. www.nemzetimobilfizetes.hu 

Mobile parking via SMS:

  • Categories of processed data: mobile phone number, plate number, nationality and category of the vehicle, period and place of parking,
  • Source of data: the data subject (person using the service, ie. subscriber)
  • Legal basis of data processing: implementation of measures requested by the data subject before the conclusion of the contract and / or performance of the contract, including the invoicing of contractual fees, any claim or right enforcement and the compliant management as well.
  • Adressee of the data transmission: Nemzeti Mobilfizetési Zrt. www.nemzetimobilfizetes.hu (közterületi parkolás esetén), EME Zrt. www.fizessenmobillal.hu (zárttéri parkolás esetén)

Gambling via SMS:

  • Categories of processed data: mobile phone number
  • Source of data: the data subject (person using the service, ie. subscriber)
  • Legal basis of data processing: implementation of measures requested by the data subject before the conclusion of the contract and / or performance of the contract, including the invoicing of contractual fees, any claim or right enforcement and the compliant management as well.
  • Adressee of the data transmission: Szerencsejáték Zrt. www.szerencsejatek.hu 

SMS payment - randivonal.hu:

  • Categories of processed data: mobile phone number
  • Source of data: the data subject (person using the service, ie. subscriber)
  • Legal basis of data processing: implementation of measures requested by the data subject before the conclusion of the contract and / or performance of the contract, including the invoicing of contractual fees, any claim or right enforcement and the compliant management as well.
  • Adressee of the data transmission: Dating Central Europe Zrt. www.randivonal.hu 

SMS payment by vending machines:

  • Categories of processed data: mobile phone number
  • Source of data: the data subject (person using the service, ie. subscriber)
  • Legal basis of data processing: implementation of measures requested by the data subject before the conclusion of the contract and / or performance of the contract, including the invoicing of contractual fees, any claim or right enforcement and the compliant management as well.
  • Adressee of the data transmission: Alois Dallmayr Automaten-Service Kft. http://hu.dallmayr.com 

SMS payment – SMS waitress:

  • Categories of processed data: mobile phone number
  • Source of data: the data subject (person using the service, ie. subscriber)
  • Legal basis of data processing: implementation of measures requested by the data subject before the conclusion of the contract and / or performance of the contract, including the invoicing of contractual fees, any claim or right enforcement and the compliant management as well.
  • Adressee of the data transmission: Multisms Kft - 1147 Budapest Telepes utca 72-74. subbasement 37., https://www.facebook.com/SMS-Pincér-Multisms-Kft-950663338347929/

SMS payment – jofogas.hu:

  • Categories of processed data: mobile phone number
  • Source of data: the data subject (person using the service, ie. subscriber)
  • Legal basis of data processing: implementation of measures requested by the data subject before the conclusion of the contract and / or performance of the contract, including the invoicing of contractual fees, any claim or right enforcement and the compliant management as well.
  • Adressee of the data transmission: Schibsted Classified Media Hungary Kft. www. jofogas.hu 

 
SMS payment – jobmonitor.hu:

  • Categories of processed data: mobile phone number
  • Source of data: the data subject (person using the service, ie. subscriber)
  • Legal basis of data processing: implementation of measures requested by the data subject before the conclusion of the contract and / or performance of the contract, including the invoicing of contractual fees, any claim or right enforcement and the compliant management as well.
  • Adressee of the data transmission: profession.hu Kft. www.jobmonitor.hu

SMS payment – csajokespasik.hu:

  • Categories of processed data: mobile phone number
  • Source of data: the data subject (person using the service, ie. subscriber)
  • Legal basis of data processing: implementation of measures requested by the data subject before the conclusion of the contract and / or performance of the contract, including the invoicing of contractual fees, any claim or right enforcement and the compliant management as well.
  • Adressee of the data transmission: The Cook Kft. www.csajokespasik.hu  

4.2.  Security of services provided to you

The data available to us are also used to maintain the security and safety of our services and communities:

  • we have the right to investigate any suspicious or illegal activities in breach of our terms of service or the applicable laws, and to take steps against them; and
  • to share your data with the competent authorities, if such an official request is received from the authorities concerned, e.g. in the interest of performing its duties, the authority requests information about you. 

Find out more about our cooperation with local law enforcement authorities here.

4.3.  Provision of offers, promotions, prize competitions and other types of data processing conducted with your consent

We can also collect and process data associated with you, which you have authorised us to collect and process by way of consent. These may include, for example, personal data that are necessary for us to be able to provide you with an appropriate offer, or which you provided us with by participating in one of our prize competitions, draws and surveys, or the data you provided in the course of other promotional activities (e.g. promotional campaigns) and on one of our distribution channels, if, pursuant to the applicable laws, your consent was required for the collection and processing of the data you provided. You may find detailed information on the data categories we process based on your consent in the relevant privacy notices. 

You may withdraw your consent at any time using our company’s contact details.

4.4     Voice recording of conversations with the Customer Service

We do a voice recording of the conversations made in the administration via telephone. Purposes and legal basis may differ on a case by case basis, it may be done for example due to legislative customer protection reasons, for qulatiy assurance or for the investigation of a complaint or for the analysis of meta data of voice recordings (for example the length of the voice recording). Precise details are available in the Privacy Information and such information shall be also shared  in the course of such conversations. 

4.5.    Processing of personal data collected from other sources

In certain cases, we may also collect personal data on you from third parties, for example in the event of number porting for the purpose of providing the number porting service.

4.6.  The transfer of your personal data to third parties in the course of the provision of Yettel services

In the interest of the full implementation of our services, it is required that some of your personal data are transferred to third parties – on a temporary basis – for the purpose of data processing. If, for example, an online payment is made in the course of using the netshop service, the number of the credit card needed to make a payment is transferred to the financial institution service provider, but we do not store the credit card number in our systems. If you also require the delivery of the purchased product, we hand over the product to be delivered, as well as its price, the name of the recipient and the postal address specified for delivery, to our delivery partner. Without consent to such a data transfer, personal data may not be processed in this manner.

The third parties to which we transfer your data give us guarantees that their data processing is conducted in compliance with the relevant data protection principles, this data protection statement and the provisions of the applicable laws.

Your personal data may be shared with the following third parties:
(a)    any company that is a member or subsidiary of the Yettel Group;
(b)    data processors acting on their behalf in respect of, for example, performance of postal services, performance of device repair tasks, systems operations, etc.);
(c)    third parties that provide services for the use of which you have granted consent, such as pay-parking);
(d)    law-enforcement bodies and other authorities, where we are under an obligation to cooperate for law-enforcement or other purposes; and
(e)    third party operators, such as collection agencies or credit rating companies.

 
Unless otherwise stipulated in the applicable legal regulations, Yettel Hungary only shares your personal data with third parties after the conclusion of a contract with the given data recipient. Click on the link below to view our partners.

In the interest of supporting its sales or customer management activities, Yettel Hungary uses data processors (e.g. operation of sales points, making telesales, telemarketing calls, recording and investigation of customer complaints, etc.), for the performance of which activities these data processors may access certain personal data stored in the systems of Yettel Hungary.
Yettel Hungary may assign data processors for the identity verification of subscirbers’ and other persons ensuring the performance of a contractual duty (for example guarantor) in order to prevent any fraud event. Such data processors shall verify the identity of the data subjects based on the data queried from the central data base set up by legislation.
In order to recover claims arising from subscriber contracts, Yettel Hungary may assign data processors, may transfer the personal data of the subscriber concerned with outstanding balances to third parties and to set up a data base together with other communications service providers and with the involvement of the party ensuring the technical background with a content specified by regulation to prevent any fraud with regard to the payment and other contractual duties.
To guard certain facilities (e.g. stores), Yettel Hungary uses the services of third parties that, in certain cases and to the extent required for the performance of guarding duties, may become aware of your personal data (e.g. checking the recordings stored on security cameras at the stores).
Yettel Hungary forwards the devices submitted for inspection or repairs to third-party subcontractors, in which case these contracted partners may gain access to personal data stored on the devices and may also become aware of the personal data contained in the work acceptance report drawn up for such repairs.
For the purpose of its own operation, for the development and modernization of its own network and for the provision of certain services, Yettel Hungary uses operational, information technology (IT) and other services provided by its contracted partners, which, acting as data processors, may have access to some of your personal data. In the course thereof, service providers located outside of the EEC region may have access to your personal data, and Yettel ensures the proper level of security by means of  legal actions in compliance with the GDPR and relevant guidelines in all such cases, please see the below information on the international data transmissions.
Yettel Hungary uses third-party data processors for the performance of logistics and data storage tasks (e.g. handling and storage of products and documentation).The delivery of certain products and consignments is performed by contracted partners on behalf of Yettel Hungary; these partners qualify as data controllers pursuant to Section 54 (1) of Act CLIX of 2012 on Postal Services.
Yettel Hungary uses the services of third-party data processors for the performance of complaint handling and troubleshooting tasks, in the course of which the data needed to respond to complaints or repair faults may be processed thereby.
Yettel Hungary uses third-party data processors to perform invoice printing and delivery tasks.
In the interest of optimising advertising displayed in electronic form, Yettel Hungary may transfer certain personal data to service providers operating online search engines and social media networks.
Yettel Hungary may also sell third party products or services as reseller. These are the highway ticket purchase, parking, gambling services applied via SMS service within the mobile purchase. In case you use such service, Yettel Hungary transfers the data processed for the prupose of concluding and / or performing the contract to the third party providing the specific product or service. Further information is available in paragraph 4.1.3 here above. 
Yettel Hungary shall be entitled to transfer the subscribers’ data as per the section 158 of the Act C of 2003 on the Electronic Communications to other service providers and / or to a common data base developed by the service providers to prevent any fraud event with regard to duties on payment or other contractual duty.

4.6.  Data processing related to debt collection

Yettel Hungary may engage external service providers to collect its outstanding debts or may transfer its claims to third-party collection agencies (factoring), pursuant to the applicable provisions of Act V of 2013 on the Civil Code, as such, amongst others, Section 6:193-204. In such cases, the personal data processed for the purpose of collecting debts are transferred to these external service providers or collection agencies. More information on the matter is contained in the Privacy Notice.

Yettel Hungary uses the following third-party data processors to perform debt collection tasks:

  • Creditexpress Magyarország Kft. (company registration number: 01-09-677951, registered address: H-1146 Budapest, Hungária krt. 179-187);
  • Ecovis Holding Kft. (company registration number: 01-09-874037, registered address: H-1036 Budapest, Bécsi út 52);
  • Vitári Law Office (Budapest Bar Association registration no. 448, registered address: H-1089 Budapest, Gaál Mózes u. 5-7);
  • E.R.T. Hungary Kft. (company registration number: 01-09-888186, registered address: H-1145 Budapest, Újvilág u. 50-52);
  • Consequence Europe Magyarország Kft. (company registration number: 01-09-721680, registered address: H-1013 Budapest, Pauler utca 11);
  • SOLVENTIS Követeléskezelő Kft. (company registration number: 07-09-019231, registered address: H-8000 Székesfehérvár, Milleniumi utca 11).

Yettel Hungary has a contractual relationship with a collection agency (Intrum Justitia Zrt. (registered address: H-1139 Budapest, Papp Károly u. 4-6, company registration number: 01-10-044857)) and, pursuant to the provisions of the Civil Code on the assignment of claims, it may transfer certain claims to it.

4.7.   Data related to the reporting and management of network problems

Yettel Hungary may engage external service providers to collect its outstanding debts or may transfer its claims to third-party collection agencies (factoring), pursuant to the applicable provisions of Act V of 2013 on the Civil Code, as such, amongst others, Section 6:193-204. In such cases, the personal data processed for the purpose of collecting debts are transferred to these external service providers or collection agencies. More information on the matter is contained in the Privacy Notice.

  • Yettel Hungary uses the following third-party data processors to perform debt collection tasks:
    •    Vitári Law Office (Budapest Bar Association registration no. 448, registered address: H-1011 Budapest, Hunyadi János út 13. Ground Floor);
    Yettel Hungary has a contractual relationship with collection agency and, pursuant to the provisions of the Civil Code on the assignment of claims, it may transfer certain claims thereof on the following comopanies:
    •    Intrum Justitia Zrt. (registered seat: H-1139 Budapest, 1139 Budapest, Fiastyúk u. 4-8., company registration number: 01-10-044857),
    •    Faktor-Ring Pénzügyi és Tanácsadó Zrt. (registered seat: 1072 Budapest, Dob u. 56‒58, company registration number: 01-10-044036
    •    Agria Portfólió Zrt. (registered seat: 3300 Eger, II. Rákóczi Ferenc út 44. VII/52., company registration number: 10-10-020187).
4.8 Data related to the reporting and management of network problems

Pursuant to the agreement between Yettel Hungary and Magyar Telekom Zrt. (registered address: H-1012 Budapest, Krisztina krt. 55, Hungary, company registration number: 01-10-041928) pertaining to the shared LTE 800 MHz 4G mobile telecommunications network, for the purposes of complying with legal obligations (Section 141 of the Electronic Communications Act) and the enforcement of legitimate interests and/or the performance of a contract, as data controller it shares data with Magyar Telekom Zrt. The purpose of such sharing of data is the handling of complaints regarding network-related problems, including, among others, troubleshooting, complaint handling and the notification of subscribers of measures taken. The categories of personal data shared for such a purpose are listed in the Privacy Notice (available only in Hungarian).

In the activity related to the operation of the network, CETIN Hungary Zrt. cooperates as data processor with Yettel Hungary.

  • Name, address and company registration number of Serbian branch office: Yettel Common Operation Ogranak Beograd (address: Omladinskih brigade 90, 11070 Belgrade, company registration number: 29505365)
  • Name, address and company registration number of Montenegro branch office: Yettel Common Operation Zrt. Dio stranog drustva Podgorica (address: Rimski trg 4, 81000 Podgorica, company registration number: 02952165).
 

Back to table of contents

5.  International data transfer


Taking advantage of our strong international presence and operation, in certain cases we use partners, service providers and technical infrastructure (e.g. servers) that are not located in your country of residence or where the service is used.

Back to table of contents

6.  How we protect your personal data


We are aware of the fact the a transmission of your personal data from the country of your residence to another country may hold privacy and security risks, we therefore transfer your data to such recipient party that apply the proper security measures, for example as regards the valid legal basis of data transmission. We commit ourselves towards the subscribers of Yettel entities within the EEA countries to conclude EU model conditions on international data transmission (Standard Contractual Clauses, SCCs). The Court of the European Union held in its decision number C-311/18 (Schrems II.) that further measurements may become necessary in addition to the measures ensured in the model conditions for ensuring the compliance with the security level ordered by the EU law. We are continuously monitoring the related recommendations and guidelines, and we do the necessary adjustments as regards the model conditions we use. We commit ourselves towards the subscribers of Yettel entities outside the EEA region to conclude such agreements with our partners that ensures the data privacy and the security of data transmission. 

EU model conditions are available here. Additionally, you may also request these conditions from Yettel.

Taking into account the risks of varying likelihood and severity, Yettel implements the appropriate technical and organisational measures to ensure the security and safety of your personal data.

If Yettel processes your data based on its own or a third party’s legitimate interests, you have the right to object to data processing.

We ensure the security of your personal data by implementing the following measures:
a.    When we process your data through other operators or data processors, we ensure at all times that the given operators and data processors apply the appropriate technical and organisational measures in order to ensure that the data are kept secure. Such control mechanisms include controlling access to the data and the infrastructure that houses the data, as well as the entry into agreements with the third party that sets out a requirement of compliance with the applicable laws. When developing our products and services, we are already paying attention to integrating and establishing appropriate data protection guarantees.
b.    When you use your telephone number or username and password to log in to your My Yettel account to use one of our services, we encrypt all data using a cryptographic protocol such as Transport Layer Security (TLS) or Secure Sockets Layer (SSL) encryption. We also apply such cryptographic protocols on all web pages where we collect personal data. Purchases through such web pages can only be made using browsers that support TLS or SSL (e.g. Internet Explorer, Safari, Firefox or Chrome). This means that your personal data are protected during the transfer online;
c.    If you have a username and password that provide access to our services and you have been inactive for some time, you are automatically logged out of your account to ensure the safety of your data;
d.    When your telephone device connects to the Yettel network, communication between your device and the network is done through an encrypted channel, ensuring thereupon the confidentiality of communication. Yettel ensures the confidentiality of the communication content via organizational and technological measures within its own systems. If the applied service requires the co-operation with one of the co-service providers (for example mobile termination to another network), it happens based upon such a third party contract that ensures the compliance with the relevant legislations. 
e.    If needed, we use data protection impact analyses to gauge how a given activity would impact the safety of your personal data.

Back to table of contents

7.  How long we store your personal data


Your personal data are only stored for legitimate purposes, for the duration needed for these purposes. When such data are no longer needed, they are erased.

The retention periods applied to the various data processing purposes are detailed within our relevant privacy notices. Data retention periods may vary greatly; for instance, video recordings created for security purposes must be retained for 3 days pursuant to the applicable law, whereas pursuant to Act C of 2000 on Accounting, accounting documents – and their attachments – that directly or indirectly support accounting (e.g. bills issued on subscriber fees) must be retained for 8 years.

Back to table of contents

8.  Your rights and their enforcement


It is important for us that you are fully aware of your rights in respect of personal data. 

Pursuant to Articles 15-20 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation (hereinafter: GDPR)), you have the following rights in respect of your personal data processed by Yettel:

a)    the right of access;
b)    right to request rectification;
c)    the right to request the erasure of data;
d)    the right to request restriction of processing;
e)    the right to object to the processing of your personal data;
f)    the right to receive the personal data and the right to transfer those data to another data controller if the statutory prerequisites for this exist (right to data portability);
g)    if personal data are processed on the basis of consent, the right to withdraw consent at any time.

You may send your request regarding the exercise of your rights using the specified contact details, which are as follows: via email to adatvedelem@yettel.hu, or by post to 2045 Törökbálint, Pannon út 1, Hungary, over the phone at 1220 or in person at Yettel’s customer service and sales points. Up-to-date information on the contact details of Yettel’s Customer Service Points (and Sales Partners) are available at http://www.yettel.hu/elerhetoseg/uzletkereso/.

Information on data processing may be requested free of charge once a year. As a general rule, should the data subject again request information with respect to the same scope of data in the same year, Yettel Hungary is entitled to ask for the reimbursement of its costs (HUF 500/audio recording, HUF 5/sheet). Yettel Hungary reserves the right to determine the amount and due date of reimbursement based on the individual circumstances of the given case. 

Yettel provides information on the measures taken as a result of the request received without undue delay, but typically within 30 days of the receipt of such a request. If Yettel takes no measures, it provides information on the reasons for not taking measures without delay, but typically within 30 days of the receipt of the request. If you do not agree with Yettel’s response or measures, there are avenues of legal remedy available to you. Yettel shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. Upon request, Yettel provides information on the recipients.

If you feel your rights have been violated, you may turn to the court or lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH, registered address:H-1055 Budapest, Falk Miksa utca 9-11.; telephone number: +36 1 391 1400; fax: +36 1 391 1410; email: ugyfelszolgalat@naih.hu).

If you require more detailed information on your data protection rights, read the information below or contact us.

Right of access

You have the right to obtain from Yettel confirmation as to whether or not personal data concerning you are being processed and, where that is the case, access to the personal data and information on the circumstances of data processing. The information requested may cover the following data: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed by Yettel, the envisaged period for which the personal data will be stored, or, if the personal data are not collected directly from you, any available information as to their source. 

Rectification

You have the right to obtain from Yettel without undue delay the rectification of inaccurate personal data, and to have incomplete personal data completed. 
Right to erasure (‘right to be forgotten’) 
You shall have the right to obtain from Yettel the erasure of personal data concerning you without undue delay where one of the following grounds applies: 
a)    the personal data are no longer necessary;
b)    the consent on which the processing is based is withdrawn and there is no other legal ground for processing;
c)    you object to the processing and there are no overriding legitimate grounds for processing;
d)    the personal data have been unlawfully processed by Yettel;
e)    the personal data have to be erased for compliance with a legal obligation.
Yettel shall not erase the data if data processing is required on one of the following grounds: (i) for exercising the right of freedom of expression and information; (ii) for compliance with a legal obligation which requires processing by law; (iii) for the establishment, exercise or defence of legal claims.

Right to restriction of processing

You have the right to obtain from Yettel the restriction of processing where one of the following applies:
a)    you contest the accuracy of the personal data, for a period enabling Yettel to verify the accuracy of the personal data;
b)    the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
c)    Yettel no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
d)    you have objected to processing, pending verification of whether the legitimate grounds of the data controller override those of the data subject.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. You shall be informed by Yettel before the restriction of processing is lifted. 

Right to object

You shall have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Yettel’s legitimate interests. In this event, Yettel shall no longer process the personal data unless the data controller demonstrates compelling legitimate grounds for the processing that override your interests, rights and freedoms, or which are related to the establishment, exercise or defence of legal claims.

Right to data portability

If this does not adversely affect the rights and freedoms of others, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format. You also have the right to have Yettel directly transfer these data to another data controller, where
a)    the processing is based on your consent or is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract; and
b)    the processing is carried out by automated means, i.e. personal data are processed in an IT system and are not paper-based.

Back to table of contents

9.  Processing the data of children


As a general rule, it can be stated that the data of children under the age of 16 are not processed without the consent of their legal representative. If we detect that we have been collecting data on children under the age of 16 without consent, we take measures to notify the legal representative, request consent and, if no consent is granted, the data are erased. In the case of services aimed at children under the age of 16 – while providing information regarding data protection rights – we request the consent of the legal representative.

Back to table of contents

10.  Review of this data protection statement


The statement shall be reviewed and revised as necessary. Should the content of the statement change significantly, we will inform you in a manner deemed appropriate by us, for example through a communication published on our website, an email message, or a short text message. When determining the manner of notification, we will take into account considerations such as the significance of the change, the services affected by the change, and the range of customers that can be reached using the given type of notification.

Back to table of contents

11.  Questions about the data protection statement


Yettel Hungary is responsible for the processing of your personal data. Should you have any questions, concerns or complaints about this data protection statement, or our processing of your data, please contact your local data protection officer using the following contact information:

Data Protection Officer
Yettel Hungary Ltd.
Address: H-2045 Törökbálint, Pannon út 1
Email: adatvedelem@yettel.hu
Telephone number: +36 20 930 4000

We will respond to your request or query to the best of our knowledge, as fast as possible but within 30 days at the latest.
If you have lodged a complaint and find our response unsatisfactory, you may refer your complaint to the Hungarian National Authority for

Data Protection and Freedom of Information (NAIH, registered address: H-1055 Budapest, Falk Miksa u. 9-11.;telephone number: +36 1 391 1400; fax: +36 1 391 1410; email: ugyfelszolgalat@naih.hu).

If you may believe that your rights have been infringed, you may bring the case to the court. Such litigation, depending on your choice - may be launched before the Budapest Environs Regional Court having competence at the registered seat of Yettel, or before the regional court having competence at your own place of residence or stay. Listing and competence of regional courts are available in Hungarian at: https://birosag.hu/birosag-kereso website. 

Back to table of contents