Data Protection Statement of Yettel Hungary

This statement was last updated on: 9 July 2024

Data protection is very important to us, and we wish to be transparent about how we collect and use your personal data. Please read this notice thoroughly and contact us if you have any questions or queries.
This notice contains information on your rights related to your personal data, and lets you know the principles that Yettel Hungary follows while processing your personal data. The document below contains the general conditions of personal data processing; as such, it is applicable to the use of all the services, products, and websites of Yettel Hungary, including any products or services provided together with our partners. In addition, depending on the product or service concerned, other special conditions may be applicable as well, these are listed in detail below. Please read these terms and conditions concerning you carefully, as both the notice and the special conditions contain obligations that you must meet, if you choose to use our services. Special conditions shall apply where there is a contradiction between the general conditions set out in this document and such special conditions.
Please note that if you use any of Yettel Hungary’s subscriber services, your use will be subject to the company’s currently effective terms and conditions, which you accept by entering into a subscriber contract and which also contain Yettel Hungary’s detailed data processing conditions for the respective services. In the event of any conflict between the general terms and conditions and this privacy notice, the provisions of the general terms and conditions shall prevail. 

1.  The data processing principles of Yettel Hungary


Yettel Magyarország Zrt. (Yettel Hungary Ltd., hereinafter: Yettel Hungary or Yettel) is a business association with its registered address at H-2045 Törökbálint, Pannon út 1, registered by the Pest County Court as Court of Registration under company registration number 13-10-040409. 

Our objective is to comply with the applicable requirements in the course of our data processing, and to ensure that all of our customers are able to rest assured when it comes to entrusting us with their personal data. To this end, the following fundamental data protection principles are applied:

  1. Your personal data will be processed in accordance with the provisions of the applicable laws, the provisions of the privacy notice and the privacy notices applicable to our individual services.
  2. We will do everything that can be reasonably expected to make the processing of your personal data transparent, and we are at your service if any questions arise.
  3. Personal data are only processed for specified, explicit and legitimate purposes, and only in the manner, scope and for the duration needed for these purposes. We take every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased, or rectified without delay. We also ensure the appropriate storage of personal data, as well as the observance of the principle of data minimization during our data processing activities. 
  4. Your personal data are protected through appropriate security measures, including protection against unauthorised or unlawful processing, accidental loss, unauthorized access, destruction or damage.
  5. Our products and services are developed with data protection aspects in mind. This means that the protection and appropriate processing of your data is a key priority for us, and that we endeavour to do everything in our power to make sure that the products and services we develop come with appropriate built-in data protection safeguards, and that any special considerations are already assessed during the planning phase in order to make sure that we provide you with the best possible service.

Back to table of contents

2.  Legal background of the processing of personal data


While processing your personal data, we act in accordance with the above data protection principles and the applicable laws.

(a)    Act C of 2003 on Electronic Communications (Electronic Communications Act);
(b)    Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Privacy Act);
(c)    Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society-Related Services (E-commerce Act);
(d)    Act XLVIII of 2008 on the Essential Conditions of and Certain Limitations on Business Advertising (Advertising Act);
(e)    Act CLXV of 2013 on Complaints and Public Interest Disclosures;
(f)    Act CLV of 1997 on consumer protection (“Consumer Protection Act”);
(g)    Act C of 2000 on accounting; 
(h)    Act CXXXIII of 2005 on security services and the activities of private investigators;
(i)    Decree 22/2020 (XII.21.) NMHH of the National Media and  Infocommunications Authority on the detailed rules of electronic communications subscriber contracts (“Subscriber Contract Decree”);
(j)    Decree 4/2012 (I.24.) NMHH of the National Media and Infocommunications Authority on the rules concerning data protection and confidentiality in relation to public electronic communications services, special conditions for data processing and confidentiality, security and integrity of networks and services, processing of traffic and billing data, identification and call forwarding rules (”NMHH Decree 4/2012”);
(k)    Commission Regulation (EU) No 611/2013 of 24 June 2013 on the measures applicable to the notification of personal data breaches under Directive 2002/58/EC of the European Parliament and of the Council on privacy and electronic communications (“Directive on Privacy and Electronic Communications”) (“Regulation 611/2013/EU”);
(l)    Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, "GDPR");
(m)    Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (Second Payment Services Directive, PSD2 Directive).

Back to table of contents

3.  Everyday data processing


The type of personal data collected and the method used to collect the personal data depends on the purpose of the data collection, which, in turn, is in line with the products and services used by you. In general, we collect and use your personal data, if:

  • the data are required to provide the product or service used by you and/or for the conclusion or performance of the contract concluded with you, 
  • the data are indispensable for handling your complaints or comments that may arise;
  • we are required by law to collect and process the data;
  • the data are necessary in order to improve your user experience;
  • the data are required to ensure appropriate product and service quality, or to improve that quality; or
  • You have consented to the collection and use of your data for a particular purpose, such as participating in a prize competition.

We can collect data about you from other sources as well.

The type of personal data we collect and the method we use to collect the data also depends on whether you are already a subscriber to one of our services, or if, for example, you are only browsing through our offers on our website.

If you have ordered or use one of our services, the Data Processing Notice for that service will provide you with detailed information on exactly what personal data we process, for what purposes, on what legal bases and for how long. With respect to our electronic communication services (e.g. voice calls, data traffic), Annex 2 of our General Terms and Conditions will provide you with detailed information on data protection (“Processing of personal data of subscribers and users by Yettel Hungary”) (hereinafter referred to as the “Data Processing Notice”). For our other services (e.g. Yettel app, Yettel TV, Yettel Wallet), you will find direct links to the general terms and conditions of the respective services in Section 4 below, which also contains information on the processing of personal data. If you also use one of our mobile apps, the Data Processing Notice provided when you download the app will apply to the processing of your personal data in connection with your use of the mobile app. The Data Processing Notices are also available retroactively from the applications. 
Yettel operates a Compliance function to support compliance with Yettel’s Code of Conduct, internal policies and applicable legislation and other compliance related issues. This includes implementation of ethics and compliance principles in daily operations, responding to and managing ethics and compliance issues and situations, monitoring employee compliance and investigating potential violations. Anyone can report potential violations to Yettel Compliance by sending an email to compliance@yettel.hu. All reports will be treated confidentially and no one will suffer any disadvantage for reporting such cases in good faith. For detailed information on the reporting process and the processing of personal data, please see the document “Information on compliance reports”. 

If you are browsing through our websites or are using a service available on one of our websites, in addition to this information document you can find additional information on data protection in the document entitled “Legal disclaimer and terms of service”. Additional conditions and provisions may be applicable to certain services available on our websites; additional information on these may be found on the associated websites where the given service or product is offered.
Yettel operates a compliance hotline that you can use to report breaches of laws, Yettel’s Code of Ethics or Yettel’s internal regulations. If you report an incident, your personal data will be subject to processing. 
If you are using one of our mobile applications, the Privacy Notice provided at the time of downloading the application will be applicable to the processing of your personal data with regard to the use of the mobile application. The Privacy Notice can also be accessed subsequently from the application, or through the following link.  

Yettel Hungary processes your personal data based on different legal bases during each data processing activity. Subscribers can find detailed information on the various data processing activities in the Privacy Notice. The legal bases used in the case of web-based products and applications are detailed in the relevant notices. 

The possible legal basis for our data processing activities, in general, are the following: 
•    consent, if you have given consent to the processing of your personal data for one or more specific purposes;
    •    the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract;
    •    compliance with a legal obligation to which Yettel is subject;
    •    processing is necessary in order to protect your or another natural person’s vital interests;
•    processing is necessary for the purposes of the legitimate interests pursued by Yettel or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data.
Information is always provided on the legal basis of data processing for a given data processing purpose in the privacy notice applicable to the data processing at hand. 

Back to table of contents

4.  The various data processing activities at Yettel


The purpose of the data processing conducted on our websites and other digital platforms is to ensure that we are able to provide you with the best possible quality of digital experience. The data processing may be linked to the use or purchase of services and products, which requires that we identify you. Improving the online user experience is achieved by applying a variety of digital technologies; these allow us to provide you with personalised offers or products and services that are relevant to you on our website or mobile application. In addition, if you are also using our services as a subscriber, your data is also being processed during the use of the given service or product, as follows:

The detailed privacy notices relevant to Yettel’s various data processing activities are available through the following link.

4.1.  Information required for the provision of services

We use the personal data you provide to us (e.g. name, address, other identifiers, contact details, e.g. email address) and data we collect about you (e.g. product usage data, network data) in connection with the services used by you. Pursuant to Act C of 2003 on Electronic Communications (“Electronic Communications Act”), an electronic communications service provider shall process data generated with respect to the provision of a subscriber service during the billing and collecting of the related fees and charges to the subscriber and the monitoring of subscriber contracts (Chapter XVII, Data Processing Rules, Section 157(2) of the Electronic Communications Act), and legal regulations may also provide for mandatory data processing cases for Yettel (Section 159/A). For information on data processing related to electronic communications services, please see the Data Processing Notice.

4.1.1 In order to be able to provide our services to you, such as any of our tariff packages, the Yettel Wallet or MyTv services, etc., we require certain personal data. These include:

(a)    your name, telephone number, email address, postal address, date of birth and other data (e.g. for contracts concluded through the Yettel application the photos taken during the identification process, scanned document data) that you provide when registering for our services or concluding a contract with us;
(b)    information related to payment, such as bank card data or other banking and payment data, that you also provide while concluding the contract.
These data are typically collected in the following cases:
(a)    when you register for one of our products or services, or 
(b)    when you purchase or use one of our products or services;
(c)    or when you subscribe to our newsletters or promotions pertaining to our products or services; or
(d)    when you request information or have questions or feedback regarding one of our products or services or our website.

These data are typically used
•    to provide the given service or product;
•    to process data related to your contract;
•    to conduct credit-rating checks,
•    to meet payment terms,
•    to communicate with you; and
•    to fulfill and manage your request for information about our product, service or website.

4.1.2 Other data also need to be processed in order to be able to provide our services:

We can collect other data on you while you are using our products, services or web pages. These data may include:

(a)    data related to your contract (for example, the end date of your loyalty period) and data related to your communication with us (e.g., your queries addressed to our customer service, your feedback and data related to your compliance with payment terms and invoicing dates);
(b)    product use data, such as the date you last used an application, how long you spent using a certain application, or how much you spent on a given product or service;
(c)    network data, including the data on mobile calls and short text messages (e.g. the dates of the calls and short text messages originated or received by you (but not their content), or the duration of the calls originated or received on our network);
(d)    positioning data (not recorded as a geographical address, but as cell data), when:
(i)    you use our telecommunications services, such as placing a call or sending a short text message, or use our broadband services;
(ii)    an emergency call is placed (during such an occurrence, the party receiving the emergency call must be provided with the subscriber’s location data);
(iii)    it is essential for investigating customer complaints;
(iv)    you use one of our location-based services, if you subscribe to such a Yettel service; or when
(v)    you register for certain location-based promotional activities.
(e)    The technical and analytical data generated during your use of different online services, for example, when you visit one of our websites and/or use one of our online services (browsing, online purchases, online service manipulation, chat, email, downloads, software updates, video streaming, etc.).

A part of these data is stored as cookies and cannot necessarily be used to identify you personally, but it makes it possible for us to improve the quality of our services and to provide our clients with personalised solutions. The technical data we collect may include:

(i)    data relevant to your device, such as the serial number, type and version of your mobile device;
(ii)    network identifiers, i.e., IP addresses and port numbers;
(iii)    operating system, browser types, and their version numbers;
(iv)    type and category of service available online, such as browsing, social media/Facebook, etc.); 
(v)    time, location and mode of your use of the service and the log data;
analytical data on your visit to our website and your use of our mobile application, including on where you navigated to our page from, which pages you visited on our website, which of our services and products you viewed and searched for, as well as the duration of your visit and your interactions with us.

We usually use the data to:
•    meet other obligations related to the provision of the service (for example, troubleshooting tasks or data provision requests related to network quality), or 
•    ensure that we are able to bill the fees payable for the services and products provided, and if necessary to collect any outstanding receivables;
•    use the recorded communication data for quality assurance purposes, to handle feedback, and to ensure the availability of customer service activities; 
•    improve the customer experience (e.g. for the purposes of network management and network optimisation) and the services provided to us by third parties for this purpose;
•    develop our services by making sure we understand your behaviour and preferences (if you have consented to profiling);
•    analyse the use of our networks and services, in order to be able to identify general trends, and to create new services for our customers;

You have the right to object to the data processing by contacting us using the contact information provided, and if the data processing is based on consent, you also have the right to withdraw your consent, with the proviso that withdrawing your consent will not affect the legality of the data processing conducted on the basis of your previous consent. 

In order to protect your privacy, we do not process the content of your SMS messages, calls or other communications (e.g. emails) based on the data processing principle of data minimization and the communications principle of the confidentiality of electronic communications. Similarly, we do not process information about what content you access when using our services, such as what articles you read, what email or other messages you write, what pictures or videos you view, what music you listen to, what files you download or what terms you search for. Also, we do not process current and historical location (geolocation) data of GPS (or other global positioning systems) precision, but only cell identifiers for the purposes described in Section 4.1.2 d) above. 

For law enforcement, national security, and similar legal purposes, however, your communications and data traffic may be monitored and recorded by public authorities and other public bodies. Yettel is required by law to provide the technical means to do so to public authorities and other public bodies, and consequently Yettel has no discretion related to such activities. Due to the technical implementation of monitoring and recording, Yettel does not have any information on whether monitoring and recording is taking place or has taken place in the past. The legitimacy of these activities shall be the responsibility of the given public authority or other public body.    

If you use our services outside Hungary (roaming), the legal regulations, customs and practices in effect in the given country may be different from the legal regulations, customs and practices in Hungary. Yettel has no control over these and on the respective compliance of the electronic communications service provider providing roaming services in the country concerned. 

4.1.3 In order to provide you with third party services for which we act as a reseller, we also need certain personal data.

Yettel Hungary also sells third party products or services (hereinafter jointly referred to as “Services” in this section) as a reseller. These include SMS services used for mobile shopping, and – if available for a given service – the purchase of toll stickers, parking, gambling, etc. services using the Yettel app. In these cases, the value of the third party transaction will be debited to the subscriber’s balance with Yettel Hungary. 

If you use such a service sold by Yettel as a reseller, your personal data (e.g. mobile phone number) and other information you provide (e.g. vehicle registration number) or certain data related to the circumstances of use (e.g. time of purchase) will be processed by Yettel Hungary and the service provider as separate data controllers. Yettel has no control over how and for how long your personal data is processed by the service provider. For more information please see the Data Processing Notice and the General Terms and Conditions of the relevant service provider. 

Find details here. 

Below we describe the features of such data processing activities conducted by Yettel Hungary, indicating the recipients of data transfer and their contact details: 

Purchase of a toll sticker by SMS
-    Categories of data processed: mobile phone number, vehicle registration number, country code and category, details of the toll sticker purchased (type, expiry date)
-    Source of data: the data subject (the person using the service)
-    Legal basis for processing: to take steps upon the request of the data subject prior to the conclusion of the contract and/or for the performance of the contract, including the billing of fees arising from the contract and the potential enforcement of claims and rights, as well as the handling of complaints.
-    Recipient of the data transfer: Nemzeti Mobilfizetési Rendszer Zrt. www.nemzetimobilfizetes.hu 

Mobile parking via SMS and IP-based mobile parking ticket purchase transactions (using the Yettel app)
-    Categories of data processed: mobile phone number, vehicle registration number, country code and category, parking duration, transaction type, amount to be paid, time of transaction, transaction result (successful/failed), parking zone.
-    Source of data: the data subject (the person using the service)
-    Legal basis for processing: to take steps upon the request of the data subject prior to the conclusion of the contract and/or for the performance of the contract, including the billing of fees arising from the contract and the potential enforcement of claims and rights, as well as the handling of complaints.
-    Recipient of the data transfer: Nemzeti Mobilfizetési Rendszer Zrt. www.nemzetimobilfizetes.hu (for public parking), EME Zrt. www.fizessenmobillal.hu (for indoor parking)

Gambling by SMS
-    Categories of data processed: mobile phone number
-    Source of data: the data subject (the person using the service)
-    Legal basis for processing: to take steps upon the request of the data subject prior to the conclusion of the contract and/or for the performance of the contract, including the billing of fees arising from the contract and the potential enforcement of claims and rights, as well as the handling of complaints.
-    Recipient of the data transfer: Szerencsejáték Zrt. www.szerencsejatek.hu 

Payment by SMS – randivonal.hu
-    Categories of data processed: mobile phone number
-    Source of data: the data subject (the person using the service)
-    Legal basis for processing: to take steps upon the request of the data subject prior to the conclusion of the contract and/or for the performance of the contract, including the billing of fees arising from the contract and the potential enforcement of claims and rights, as well as the handling of complaints.
-    Recipient of the data transfer: Dating Central Europe Zrt. www.randivonal.hu 

Payment by SMS at drinks and food vending machines
-    Categories of data processed: mobile phone number
-    Source of data: the data subject (the person using the service)
-    Legal basis for processing: to take steps upon the request of the data subject prior to the conclusion of the contract and/or for the performance of the contract, including the billing of fees arising from the contract and the potential enforcement of claims and rights, as well as the handling of complaints.
-    Recipient of the data transfer: Alois Dallmayr Automaten-Service Kft. http://hu.dallmayr.com 


Payment by SMS – jobmonitor.hu
-    Categories of data processed: mobile phone number
-    Source of data: the data subject (the person using the service)
-    Legal basis for processing: to take steps upon the request of the data subject prior to the conclusion of the contract and/or for the performance of the contract, including the billing of fees arising from the contract and the potential enforcement of claims and rights, as well as the handling of complaints.
-    Recipient of the transfer: profession.hu Kft. www.jobmonitor.hu

Payment by SMS – csajokespasik.hu
-    Categories of data processed: mobile phone number
-    Source of data: the data subject (the person using the service)
-    Legal basis for processing: to take steps upon the request of the data subject prior to the conclusion of the contract and/or for the performance of the contract, including the billing of fees arising from the contract and the potential enforcement of claims and rights, as well as the handling of complaints.
-    Recipient of the data transfer: The Cook Ltd. www.csajokespasik.hu
 

4.2.  Security of services provided to you

The data available to us are also used to maintain the security and safety of our services and communities (e.g. subscribers and users of our services, our employees, business partners):
•    We may investigate suspicious activities that violate our terms of service or applicable legal regulations and take corrective action. 
•    In the event of a request by a public authority, we will share your data with the competent authorities where have a legal obligation to do so. The legality of such requests shall be the responsibility of the public authority or other public body requesting the data.

4.3.  Provision of offers, promotions, prize competitions and other types of data processing conducted with your consent

We can also collect and process data associated with you, which you have authorised us to collect and process by way of consent. These may include, for example, personal data that are necessary for us to be able to provide you with an appropriate offer, or which you provided us with by participating in one of our prize competitions, draws and surveys, or the data you provided in the course of other promotional activities (e.g. promotional campaigns) and on one of our distribution channels, if, pursuant to the applicable laws, your consent was required for the collection and processing of the data you provided. You may find detailed information on the data categories we process based on your consent in the relevant privacy notices. 

You may withdraw your consent at any time using our company’s contact details.

4.4     Voice recording of conversations with the Customer Service

We do a voice recording of the conversations made in the administration via telephone. Purposes and legal basis may differ on a case by case basis, it may be done for example due to legislative customer protection reasons, for qulatiy assurance or for the investigation of a complaint or for the analysis of meta data of voice recordings (for example the length of the voice recording). Precise details are available in the Privacy Information and such information shall be also shared  in the course of such conversations. 

4.5.    Processing of personal data collected from other sources

In certain cases, we may also collect personal data on you from third parties, for example in the event of number porting for the purpose of providing the number porting service.

4.6.  The transfer of your personal data to third parties in the course of the provision of Yettel services

In the interest of the full implementation of our services, it is required that some of your personal data are transferred to third parties – on a temporary basis – for the purpose of data processing. If, for example, an online payment is made in the course of using the netshop service, the number of the credit card needed to make a payment is transferred to the financial institution service provider, but we do not store the credit card number in our systems. If you also require the delivery of the purchased product, we hand over the product to be delivered, as well as its price, the name of the recipient and the postal address specified for delivery, to our delivery partner. Without consent to such a data transfer, personal data may not be processed in this manner.

The third parties to which we transfer your data give us guarantees that their data processing is conducted in compliance with the relevant data protection principles, this data protection statement and the provisions of the applicable laws.

Your personal data may be shared with the following third parties:
(a)    any company that is a member or subsidiary of the Yettel Group;
(b)    data processors acting on our behalf in respect of, for example, performance of postal services, performance of device repair tasks, systems operations, etc.);
(c)    third parties that provide services for the use of which you have ordered or are using, such as pay-parking;
(d)    law-enforcement bodies and other authorities, where we are under an obligation to cooperate for law-enforcement or other purposes; and
(e)    third party operators, such as collection agencies or credit rating companies.

 
Unless otherwise stipulated in the applicable legal regulations, Yettel Hungary only shares your personal data with third parties after the conclusion of a contract with the given data recipient. Click on the link below to view our partners.

In the interest of supporting its sales or customer management activities, Yettel Hungary uses data processors (e.g. making telesales and telemarketing calls, etc.), for the performance of which activities these data processors may access certain personal data stored in the systems of Yettel Hungary.

In order to prevent abuse, Yettel Hungary may use data processors to verify the identity of subscribers and other persons who ensure the fulfilment of their contractual obligations. Such data processors verify the identity of data subjects based on data retrieved from a central register established by legal regulations.
Yettel Hungary may use a data processor for solvency assessment based on the data subject’s instructions to that effect. The relevant data processing rules are set out in Section 4.9.

Yettel Hungary may use data processors to recover debts arising from subscriber contracts, may transfer personal data of indebted subscribers to third parties, and may operate a common data file including the data content specified in legal regulations with other communications service providers, involving a party providing the technical background, to prevent the evasion of payment and other obligations.To guard certain facilities (e.g. stores), Yettel Hungary uses the services of third parties that, in certain cases and to the extent required for the performance of guarding duties, may become aware of your personal data (e.g. checking the recordings stored on security cameras at the stores).

Yettel Hungary forwards the devices submitted for inspection or repairs to third-party subcontractors, in which case these contracted partners may gain access to personal data stored on the devices and may also become aware of the personal data contained in the work acceptance report drawn up for such repairs. The general terms and conditions for device insurance are available here.

Yettel Hungary uses operational, information technology (IT) and other services from its contracted partners for its own operations, network development, modernization and the provision of certain services, which may have access to some of your personal data when acting as a data processor. During that, your personal data may also be accessed by service providers located outside the EEA, in which case we will always ensure the appropriate level of protection by legal means in accordance with the GDPR and the relevant guidelines. Please see below the information on international data transfers.

Yettel Hungary uses third-party data processors for the performance of logistics and data storage tasks (e.g. handling and storage of products and documentation).
The delivery of certain products and consignments is performed by contracted partners on behalf of Yettel Hungary; these partners qualify as data controllers pursuant to Section 54 (1) of Act CLIX of 2012 on Postal Services.
Yettel Hungary uses the services of third-party data processors for the performance of complaint handling and troubleshooting tasks, during of which the data needed to respond to complaints or repair faults may be processed.

Yettel Hungary uses third-party data processors to perform invoice printing and sending tasks.
In the interest of optimising advertising displayed in electronic form, Yettel Hungary may transfer certain personal data to service providers operating online search engines and social media networks (if you have consented to this, e.g. by allowing cookies for marketing purposes). The cookie information is available here.

Yettel Hungary also sells third party products or services as a reseller. This includes the purchase of toll stickers, parking, gambling, etc. services via SMS in the context of mobile shopping. If you use such a service, the data processed for the purpose of concluding and/or performing the contract will be transferred by Yettel Hungary to the third party selling the product or providing the service. For more information, see Section 4.1.3 above. 

To prevent the evasion of payment or other contractual obligations, Yettel Hungary may transfer subscriber data, as defined in Section 158 of the Act C of 2003 on Electronic Communications, to other electronic communications service providers or to a common data file created by the service providers.

4.7.  Data processing related to debt collection

Yettel Hungary may engage external service providers to collect its outstanding debts or may transfer its claims to third-party collection agencies (factoring), pursuant to the applicable provisions of Act V of 2013 on the Civil Code, as such, amongst others, Section 6:193-204. In such cases, the personal data processed for the purpose of collecting debts are transferred to these external service providers or collection agencies. 

•    Yettel Hungary has a contractual relationship with a claims management company and, in accordance with the provisions of the Civil Code on the assignment of claims, assigns certain of its claims to the following companies: INTRUM Zrt. (company registration no.: 01-10-044857, registered office: H-1139 Budapest, Fiastyúk u. 4-8.);
•    Faktor-Ring Pénzügyi és Tanácsadó Zrt. (company registration no.: 01-10-044036, registered office: 1072 Budapest, Dob u. 56‒58.).

4.8.   Data related to the reporting and management of network problems

Pursuant to the agreement between Yettel Hungary and Magyar Telekom Zrt. (registered office: H-1097 Budapest, Könyves Kálmán körút 36., Hungary, company registration number: 01-10-041928; web: www.telekom.hu) pertaining to the shared LTE 800 MHz 4G mobile telecommunications network, for the purposes of complying with legal obligations (Section 141 of the Electronic Communications Act) and the performance of a contract, as data controller it shares data with Magyar Telekom Zrt. The purpose of such sharing of data is the handling of complaints regarding network-related problems, including, among others, troubleshooting, complaint handling and the notification of subscribers of measures taken. The categories of personal data shared for such a purpose are listed in the Subscriber’s Privacy Notice.
In the activity related to the operation of the network, CETIN Hungary Zrt. (registered office: H-2045 Törökbálint, Pannon út 1.; company registration no.: 13-10-042052; web: www.cetin.hu) cooperates as data processor with Yettel Hungary. 


4.9. Processing for the purposes of solvency assessment

Yettel Hungary performs solvency assessment to determine whether the person concerned is able to fulfil the obligations undertaken at the time of the conclusion of the contract by deadline. Yettel Hungary assesses the contracting data, gender and place of purchase of the data subject, and uses an algorithm to determine the amount of the advance payment or consideration to be paid by and the discount to be granted to the data subject. The decision on the actual amount of the advance or contractual consideration to be paid by and the discount granted to the data subject, or whether or not Yettel Hungary will enter into a contract with the data subject, is always made by the agent, who may review the aggregate result offered by the algorithm in this respect.

Yettel Hungary also uses an external service provider for solvency assessment. This service uses a financial risk management tool that performs solvency assessment and predicts the data subject’s ability to repay new planned liabilities in real time by analyzing the data subject’s solvency, income, expenses, fraud patterns, potential insolvency issues, spending categories and finally assigning a risk rating (score) to the data subject based on the data subject’s bank account information on outgoing and incoming cash flows in the three months preceding the current month.

The legal basis for the data processing is completing the steps requested by the data subject prior to the conclusion of the subscription contract [Article 6(1)(b) GDPR], with the above-mentioned data processing by the external service provider always being based on the data subject’s consent to this effect aiming to ensure access to their bank account. The scope of personal data processed, if an external service provider is involved for solvency assessment: bank account information data for the 90 days preceding the date of access provided by the data subject, such as personal data on outgoing and incoming cash flows, personal data related to fraud patterns, potential insolvency issues, spending categories, the risk rating of the data subject, and other personal identification data of the customer (name, email address, bank account number). If the bank account information is not analyzed as described above, the scope of the data processed is limited to contracting data, gender and place of purchase of the data subject. 

Yettel Hungary never has access to the bank account information of the data subject. If data is processed by an external service provider based on the data subject’s statement, Yettel Hungary will only receive a score (on a scale from 0 to 100) as a result of the solvency assessment, which the agent can take into account when finalizing the terms of the contract.

  • Yettel Hungary uses the following account information service provider for solvency assessments: STATOSFERA Ltd. (registered office: 3530 Miskolc, Hunyadi János utca 56., company registration number: 05-09-028450; email: support@statosfera.com, website: www.statosfera.com)


4.10. Data processing for a data request related to a terminated subscription

Observing reasons outlined in specific legal regulations (such as the Accounting Act), Yettel Hungary also records the personal data of former subscribers whose subscription with Yettel Hungary has been terminated for any reason. Such former subscribers may also request information from Yettel Hungary about their personal data still being processed, which Yettel Hungary will only be able to provide after having properly identified the data subject. 

To identify themselves, data subjects must provide their name, address, previous mobile phone number with Yettel and the unique identification number indicated on their bill (e.g. bill payer ID).


4.11. Operation of cameras, video recording

Yettel Hungary uses security cameras to surveil all public areas open to customer traffic and makes a record of what happens there. The purpose of the surveillance and recording is to prevent crimes (e.g. theft) and other abuses committed on business premises for the protection of persons and property, and to assist law enforcement authorities by identifying possible perpetrators. By entering the area under surveillance, data subjects acknowledge the use of the camera system and the fact of being surveilled.
 

Back to table of contents

5.  International data transfer


Taking advantage of our strong international presence and operation, at times we use partners, service providers and technical infrastructure (e.g. servers) that are not located in your country of residence or where the service is used (e.g. Yettel’s data processor is located in a third country). Third countries are countries outside the European Economic Area (EU Member States as well as Iceland, Liechtenstein, Norway). Where Yettel transfers your personal data to a third country, this data transfer needs to comply with the rules set out in Chapter V of Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation; “GDPR”):

a)    Pursuant to Article 45(1) of the GDPR, personal data may be transferred to a third country if the European Commission has determined that the third country, a territory or one or more specific sectors of a third country provide an adequate level of data protection (so-called adequacy decision). 
b)    In the absence of an adequacy decision, personal data may be transferred if the controller provides adequate safeguards and the data subjects have enforceable rights and effective remedies. Article 46(2) of the GDPR specifies the cases in which personal data may be transferred to a third country with or without the authorisation of the supervisory authority, subject to appropriate safeguards. Contracts concluded based on Standard Contractual Clauses (SCCs) provide appropriate safeguards. Yettel can also be asked to provide these Standard Contractual Clauses.
c)    In the absence of an adequacy decision and appropriate safeguards, Article 49 of the GDPR also provides for additional possibilities for transfers (e.g. transfers necessary because of the data subject’s explicit consent, for the performance of a contract between the data subject and the controller, or for the establishment, exercise or defence of legal claims).
Yettel understands that transferring your data from your country of residence to another country may involve privacy and security risks, and we will only transfer your personal data to a recipient that has appropriate security measures in place.

Back to table of contents

6.  How we protect your personal data


Taking into account the risks of varying likelihood and severity, Yettel implements the appropriate technical and organizational measures to ensure the security and safety of your personal data.
 If Yettel processes your data based on its own or a third party’s legitimate interests, you have the right to object to data processing.

We ensure the security of your personal data by implementing the following measures:

a.    When we process your data through other operators or data processors, we always ensure that the given operators and data processors apply the appropriate technical and organizational measures in order to ensure that the data are kept secure. Such control mechanisms include controlling access to the data and the infrastructure that houses the data, as well as the entry into agreements with the third party that sets out a requirement of compliance with the applicable laws. When developing our products and services, we are already paying attention to integrating and establishing appropriate data protection guarantees.


b.    When you use your telephone number or username and password to log in to your Yettel online administration account to use one of our services, we encrypt all data using a cryptographic protocol such as Transport Layer Security (TLS) or Secure Sockets Layer (SSL) encryption. We also apply such cryptographic protocols on all web pages where we collect personal data. Purchases through such web pages can only be made using browsers that support TLS or SSL (e.g. Internet Explorer, Safari, Firefox or Chrome). This means that your personal data are protected during the transfer online;

c.    If you have a username and password that provide access to our services and you have been inactive for some time, you are automatically logged out of your account to ensure the safety of your data;

d.    When your handset is connected to Yettel’s network, the communication between your handset and the network is encrypted to ensure the confidentiality of the content of the communication. Yettel ensures the confidentiality of the content of communication through organizational and technological measures within its own systems. If the provision of the service used requires cooperation with a service provider partner (e.g. call termination to another network), this is done based on an agreement with a third party that ensures compliance with the applicable legislation. 

e.    If needed, we use data protection impact analyses to gauge how a given activity would impact the safety of your personal data.


 

Back to table of contents

7.  How long we store your personal data


Your personal data are only stored for legitimate purposes, for the duration needed for these purposes. When such data are no longer needed, they are erased or anonymized.
The retention periods applied to the various data processing purposes are detailed within our relevant privacy notices. Data retention periods may vary greatly; for instance, video recordings created for security purposes must be retained for 3 to 30 days in the shops of Yettel, whereas pursuant to Act C of 2000 on Accounting, accounting documents – and their attachments – that directly or indirectly support accounting (e.g. bills issued on subscriber fees) must be retained for 8 years and in addition to these, a number of different retention periods may occur in a manner adapted to individual data management purposes.

Back to table of contents

8.  Your rights and their enforcement


It is important for us that you are fully aware of your rights in respect of personal data. 
Pursuant to Articles 15-22 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation (hereinafter: GDPR)), you have the following rights in respect of your personal data processed by Yettel:

a)    the right of access;
b)    right to request rectification;
c)    the right to request the erasure of data;
d)    the right to request restriction of processing;
e)    the right to object to the processing of your personal data;
f)    the right to receive the personal data and the right to transfer those data to another data controller if the statutory prerequisites for this exist (right to data portability);
g)    if personal data are processed on the basis of consent, the right to withdraw consent at any time.

You may send your request regarding the exercise of your rights using the specified contact details, which are as follows: via email to adatvedelem@yettel.hu, or by post to 2045 Törökbálint, Pannon út 1, Hungary, over the phone at 1220 or in person at Yettel’s customer service and sales points. Up-to-date information on the contact details of Yettel’s Customer Service Points (and Sales Partners) are available at http://www.yettel.hu/elerhetoseg/uzletkereso/.

As a general rule, you may request information on the processing of your personal data free of charge. In this case, you are kindly asked to clearly specify the purpose of the processing for which you are requesting the data. Under the GDPR, if the request is manifestly unfounded or excessive, in particular due to its repetitive nature, Yettel Hungary may claim compensation to cover theadministrative costs of providing the information or taking the requested action (HUF 500 per audio or video recording, HUF 5 per page) or refuse to respond to the request. Yettel Hungary reserves the right to determine the amount and the due date of the compensation based on the individual circumstances of the case.

Yettel provides information on the measures taken as a result of the request received without undue delay, but typically within 30 days of the receipt of such a request. If Yettel takes no measures, it provides information on the reasons for not taking measures without delay, but typically within 30 days of the receipt of the request. If you do not agree with Yettel’s response or measures, there are avenues of legal remedy available to you. Yettel shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed unless this proves impossible or involves disproportionate effort. Upon request, Yettel provides information on the recipients.

If you feel your rights have been violated, you may lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH, registered office: H-1055 Budapest, Falk Miksa utca 9-11; telephone number: +36 1 391 1400; fax: +36 1 391 1410; email: ugyfelszolgalat@naih.hu; web: www.naih.hu) or you may turn to the court. In the latter case, the regional courts have jurisdiction to judge the lawsuit. You can initiate the lawsuit - according to your choice - either at the Budapest Environs Regional Court (which has jurisdiction based on Yettel Hungary's seat) or at the court of your place of residence or residence. Click on the following link for the list of courts: https://birosag.hu/torvenyszekek.
If you require more detailed information on your data protection rights, read the information below or contact us.

Right of access

You have the right to obtain from Yettel confirmation as to whether or not personal data concerning you are being processed and, where that is the case, access to the personal data and information on the circumstances of data processing. The information requested may cover the following data: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed by Yettel, the envisaged period for which the personal data will be stored, or, if the personal data are not collected directly from you, any available information as to their source. 

Rectification

You have the right to obtain from Yettel without undue delay the rectification of inaccurate personal data, and to have incomplete personal data completed. 
Right to erasure (‘right to be forgotten’) 
You shall have the right to obtain from Yettel the erasure of personal data concerning you without undue delay where one of the following grounds applies: 

a)    the personal data are no longer necessary;
b)    the consent on which the processing is based is withdrawn and there is no other legal ground for processing;
c)    you object to the processing and there are no overriding legitimate grounds for processing;
d)    the personal data have been unlawfully processed by Yettel;
e)    the personal data must be erased for compliance with a legal obligation.

Yettel shall not erase the data if data processing is required on one of the following grounds: (i) for exercising the right of freedom of expression and information; (ii) for compliance with a legal obligation which requires processing by law; (iii) for the establishment, exercise or defence of legal claims.

Right to restriction of processing

You have the right to obtain from Yettel the restriction of processing where one of the following applies:
a)    you contest the accuracy of the personal data, for a period enabling Yettel to verify the accuracy of the personal data;
b)    the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
c)    Yettel no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
d)    you have objected to processing, pending verification of whether the legitimate grounds of the data controller override those of the data subject.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. You shall be informed by Yettel before the restriction of processing is lifted. 

Right to object

You shall have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Yettel’s legitimate interests. In this event, Yettel shall no longer process the personal data unless the data controller demonstrates compelling legitimate grounds for the processing that override your interests, rights and freedoms, or which are related to the establishment, exercise or defence of legal claims.

Right to data portability

If this does not adversely affect the rights and freedoms of others, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format. You also have the right to have Yettel directly transfer these data to another data controller, where
a)    the processing is based on your consent or is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract; and
b)    the processing is carried out by automated means, i.e. personal data are processed in an IT system and are not paper-based. 

Back to table of contents

9.  Processing the data of children


As a general rule, it can be stated that the data of children under the age of 16 are not processed without the consent of their legal representative. If we detect that we have been collecting data on children under the age of 16 without consent, we take measures to notify the legal representative, request consent and, if no consent is granted, the data are erased. In the case of services aimed at children under the age of 16 – while providing information regarding data protection rights – we request the consent of the legal representative.

Back to table of contents

10.   Review of this data protection statement


The statement shall be reviewed and revised as necessary. Should the content of the statement change significantly, we will inform you in a manner deemed appropriate by us, for example through a communication published on our website, an email message, or a short text message. When determining the manner of notification, we will take into account considerations such as the significance of the change, the services affected by the change, and the range of customers that can be reached using the given type of notification.

Back to table of contents

11.  Questions about the data protection statement


Yettel Hungary is responsible for the processing of your personal data. Should you have any questions, concerns or complaints about this data protection statement, or our processing of your data, please contact your local data protection officer using the following contact information:

Data Protection Officer
Yettel Hungary Ltd.
Address: H-2045 Törökbálint, Pannon út 1
Email: adatvedelem@yettel.hu
Telephone number: +36 20 930 4000

We will respond to your request or query to the best of our knowledge, as fast as possible but within 30 days at the latest.

Back to table of contents