Skip to main content

ATTENTION – We are closed on December 9th!

We would like to inform you that Retro Lángos will be closed on Monday, December 9th, for our annual Christmas team-building event. On this day, both our restaurant and delivery services will be unavailable.

Holiday opening hours 🎅 🎄 🕑

9th December – Team-building – CLOSED
24th December – Christmas break – CLOSED
25th December – Christmas break – CLOSED

26th December – Christmas break – CLOSED
31st December – New Year’s Eve – OPEN
1st January – New Year’s Day – OPEN

Thank you for celebrating the season with us – we look forward to seeing you!

STATEMENT OF DATA PROCESSING S-OTTIMFOOD KFT

The purpose of this Data Processing Statement is to outline the principles and rules for managing personal and other data provided by users of the website https://www.retrolangos.hu and made accessible to the website operators (“Data Controller”).

This Statement applies solely to the data necessary for the use of the site, provided to the Data Controller, and does not cover cases where individuals voluntarily disclose their personal data or parts thereof on the site or through the site.

PURPOSE OF DATA PROCESSING

S-Ottimfood Kft. – hereinafter “Data Controller” – is committed to protecting the personal data of its customers. Therefore, it pays special attention to collecting, managing, using, processing, and potentially transferring personal data in compliance with the law on informational self-determination and freedom of information (Act CXII of 2011), the fundamental requirements for and limitations on economic advertising activities (Act XLVIII of 2008), the law on electronic commerce services and certain issues related to information society services (Act CVIII of 2001), the law on the management of name and address data for research and direct marketing purposes (Act CXIX of 1995), the GDPR (Regulation (EU) 2016/679) effective from May 25, 2018, and other relevant national and international recommendations and regulations.

This data processing information is an inseparable part of the contract (“Contract”) concluded between the Data Controller and the service user – hereinafter “Data Provider.”

By concluding the Contract with the Data Controller/using the website, the Data Provider acknowledges that they have read and accepted the contents of this data processing information and consents to the Data Controller managing and storing the data provided by the Data Provider according to the applicable laws. The Data Provider also consents to the Data Controller recording their contact details in its database for the purpose of informing the Data Provider about data related to services, changes, news, promotions, and other relevant updates.

1. DEFINITIONS

– Data Provider: Any identified or identifiable natural person based on personal data.

-Personal Data: Data related to the Data Provider, particularly the Data Provider’s name, identification mark, or one or more physical, physiological, mental, economic, cultural, or social identity characteristics, and conclusions that can be drawn from the data concerning the Data Provider.

– Special Data: Personal data relating to racial origin, nationality, political opinions, religious or philosophical beliefs, membership in interest representation organizations, sexual life, health status, pathological addictions, or criminal personal data.

– Criminal Personal Data: Personal data generated during or before a criminal proceeding, relating to the criminal offense or the criminal proceeding, at authorities entitled to conduct the proceeding, and at the organization responsible for penal execution, relating to the Data Provider, and data concerning criminal records.

-Consent:The voluntary and explicit expression of the Data Provider’s will, based on appropriate information, indicating clear agreement to the full or partial processing of their personal data.

-Objection: The statement of the Data Provider objecting to the processing of their personal data and requesting the termination of data processing or the deletion of the processed data.

– Data Controller: A natural or legal person, or an organization with legal capacity according to its personal law, who or which, alone or jointly with others, determines the purposes and means of data processing, makes and executes decisions regarding data processing (including the tools used) or has them executed by a data processor.

– Data Processing: Any operation or set of operations performed on data, regardless of the applied method, such as collection, recording, organization, storage, alteration, use, retrieval, transmission, disclosure, alignment or combination, blocking, deletion, and destruction, as well as preventing further use of the data, making photo, audio, or video recordings, and recording physical characteristics suitable for identifying a person (e.g., fingerprint, palm print, DNA sample, iris image).

– Data Transfer: Making data available to a specified third party.

– Disclosure: Making data accessible to anyone.

– Data Deletion: Making data unrecognizable in such a way that its restoration is no longer possible.

– Data Marking: Assigning an identifier to data to distinguish it.

– Data Blocking: Assigning an identifier to data to restrict its further processing either permanently or for a specified period.

– Data Destruction: Complete physical destruction of the data carrier containing the data.

– Data Processing: Performing technical tasks related to data processing operations, regardless of the methods and tools used for executing the operations and the location of application, provided that the technical task is carried out on the data.

– Data Processor: A natural or legal person, or an organization without legal capacity, who or which processes data based on a contract, including contracts concluded under legal provisions.

– Data File: All data processed in a single record.

– Third Party: A natural or legal person, or an organization without legal capacity, who or which is not the same as the Data Provider, Data Controller, or Data Processor.

– EEA State: A member state of the European Union and any other state party to the Agreement on the European Economic Area, and any state whose citizens enjoy the same status as the citizens of an EEA state based on an international agreement concluded between the European Union and its member states and a state not party to the Agreement on the European Economic Area.

-Third Country: Any state that is not an EEA state.

– Data Protection Incident: Illegal processing or processing of personal data, particularly unauthorized access, alteration, transmission, disclosure, deletion, or destruction, and accidental destruction or damage.

2. DATA CONTROLLERS

Website Owner:

– Company Name: S-OTTIMFOOD KFT

– Address: 1051 Budapest, Nádor utca 6. 4th floor, 2nd door.

– Tax Number: 23154894-2-41

– Email: info@s-ottimfood.hu

– Phone: +36 20 294 6571

Hosting Service Provider:

– Company Name: Tarhely.Eu Szolgáltató Kft

– Address: 1144 Budapest, Ormánság utca 4. 10th floor, 241

– Company Registration Number: 01-09-909968

– Tax Number: 14571332-2-42

Website Developer:

– Company Name: PNGN Kft.

– Address: 1034 Budapest, San Marco utca 19. 1st floor, 1st door.

– Company Registration Number: 01-09-401627

– Tax Number: 22706034-2-41

– Email: info@pngn.hu

– hereinafter collectively referred to as Data Processors.

3. DATA PROCESSED

3.1. General Definition**

Personal data processed by the Data Controller are those that come into the possession of the Data Controller during the use and fulfillment of services provided by the Data Provider, and potentially other personal data communicated by the Data Provider to the Data Controller. These personal data particularly, but not exclusively, include:

Personal data:

– Name;

– Place and date of birth;

– Mother’s maiden name;

– ID number, address card number, address;

– Personal identification number;

– Social security number (TAJ), tax identification number, bank account number;

– (Workplace) email address, phone number.

Special personal data:

– Data on racial origin, nationality;

– Data on health status (weight, blood count, screening results);

– Data on pathological addiction;

– Criminal personal data.

3.2. Data Processing Related to Contractual Relationship and Offer Making

The Data Controller, in performing its activities, prepares offers for services for its clients, concludes contracts, and conducts procurement, archiving, and document management necessary for its operations. In this context, the Data Controller processes and stores the data listed below for the indicated period for the following purposes:

– Contact (sales-related inquiries);

– Contract conclusion;

– Fulfillment of contracts;

– Invoice and receivable management;

– Enforcement of contractual legal claims (e.g., complaints, warranty claims);

– Document management and archiving after the termination (fulfillment or termination) of the contract.

a) In the case of a natural person client, personal data:

The Data Controller processes the name, address, phone number, email address, customer number (order number), and online identifier of the natural person client for the above purposes. Data processing legally begins with the request for an offer, based on the Data Provider’s inquiry, prior to the conclusion of the contract.

b) In the case of a legal entity client, the data of natural person representatives:

The processed personal data include the name, address, phone number, and email address of the natural person representative.

3.3. Data Processed for All Clients

The Data Controller retains all personal data until the contract is fulfilled. This data processing is necessary for the performance of the contract and for fulfilling the Data Controller’s legal obligations.

3.4. Registration on the Data Controller’s Website

The Data Controller only requests personal data from visitors of the https://www.retrolangos.hu website if the Data Provider wishes to register, log in for requesting an offer, or make a reservation on the provided online interface.

3.5. Other Contractual Partners

The Data Controller requests and processes the data of other contractual partners of the Data Provider and procurement contractual partners to the extent defined by the laws mentioned in the introduction and for the period specified therein.

4. SCOPE OF DATA PROCESSING AND LEGAL BASIS FOR DATA PROCESSING

The Data Controller processes the data of customers/guests, potential customers, and requesters (Data Providers). This policy applies to the contractual partners of the Data Controller, visitors to the website https://www.retrolangos.hu, its assistants, and collaborators.

The Data Controller processes only the personal data of individuals who have consented to data processing, or the transfer of their personal data to third parties, or if required by law or – based on the authority of the law, within the specified scope – by a local government decree for purposes of public interest.

Consent is also deemed given if, while viewing the Data Controller’s website, the relevant checkbox is marked, if personal data is sent to the Data Controller’s postal or email address, or other contact information, during the use of services related to the information society through relevant technical settings, as well as any other declaration or action which clearly indicates the individual’s consent to the planned processing of their personal data in the given context.

Additionally, the Data Controller processes personal data based on Article 6 of the GDPR and Section 6 of the Infotv, only if obtaining the Data Provider’s consent is impossible or would involve disproportionate costs, and data processing is necessary for the fulfillment of some obligation or is in the Data Controller’s own interest or the legitimate interest of a third party, and the enforcement of this interest is proportionate to the restriction of the right to the protection of personal data. The Data Controller processes personal data from the Data Provider and other partners only if the individual has consented to the transfer of their personal data to a third party or the Data Controller. The Data Controller is not entitled to transfer the processed data for advertising purposes or any other purposes without the explicit consent of the Data Provider.

The Data Controller processes personal data on the legal basis of fulfilling a legal obligation (for example, the 2017 Act CXXVII on Value Added Tax Sections 169 and 202; the 1995 Act CXVII on Personal Income Tax; the 2017 Act LIII on the Prevention and Combating of Money Laundering and Terrorist Financing; the 2000 Act C on Accounting) to fulfill the obligations of accounting and taxation, processing the legally defined data of individuals who enter into business relationships with the Data Controller as customers or suppliers.

By transferring personal data to the Data Controller, the Data Provider is deemed to have given their consent to data processing. By transferring their personal data to the Data Controller, the Data Provider warrants that the Data Controller is entitled to process the data, including transfer it. The Data Controller excludes all liability for any claims asserted in connection with the breach of this warranty, and the Data Provider is obliged to indemnify the Data Controller for all damages incurred in connection with the falsity or incorrectness of this warranty.

5. DURATION OF DATA PROCESSING

The purpose of data processing concerning personal data in the possession of the Data Controller includes:

  • Contract conclusion;
  • Fulfillment of services used from the Data Controller;
  • Providing discounts;
  • Informing about data related to services, changes to them;
  • Maintaining the relationship between the Data Controller and the Data Provider;
  • Informing via newsletters;
  • Providing personalized offers and services;
  • Providing information on news and updates related to the services provided by the Data Controller;
  • Conducting marketing activities;
  • Building and maintaining a marketing database;
  • Conducting direct marketing activities.

6. PURPOSE OF DATA PROCESSING

Data processing is carried out only to the extent, for the period, and with the personal data necessary to achieve the purpose of data processing, in particular, as long as the Data Provider’s rights and obligations related to information and service performance, and related administration are maintained.

The duration of data processing in the case of a Contract: a) The statute of limitations for claims arising from the contractual relationship between the Data Provider and the Data Controller, or b) The statute of limitations for claims related to the legal obligations of the Data Controller based on the Contract, whichever is longer.

The duration of data processing if the Data Provider orders the Data Controller’s service and provides their email address but no Contract is concluded, is the period during which a contractual relationship could be established between the Data Controller and the Data Provider. If it is clear that no contractual relationship can be established in the future (e.g., the company for which the contact person provided personal data ceases to exist), or the Data Provider requests the deletion of their personal data, the personal data will be deleted without delay.

7. DATA PROCESSING

The Data Controller uses the assistance and services of data processors (especially but not exclusively accountants, IT service providers) for its data processing activities. Data processing is carried out based on a data processing agreement between the Data Controller and the IT service provider (Data Processors), ensuring the confidentiality of the Data Processors and thus the security of data processing.

8. PERSONS AUTHORIZED TO ACCESS DATA

The personal data provided by the Data Provider may be accessed and processed by the employees, senior officers, consultants of the Data Controller, those involved in data processing, or other employees, as well as by those partners to whom the Data Provider has consented to the transfer of data.

Under legal provisions, courts and certain authorities are entitled to access the personal data processed by the Data Controller. Courts, prosecutors, and other authorities (e.g., police, tax authority, National Authority for Data Protection and Freedom of Information) may request information, data disclosure, or the provision of documents from the Data Controller. In such cases, the Data Controller must comply with the data provision obligation, to the extent necessary to achieve the purpose of the request.

9. DATA TRANSFER AND TRANSMISSION

The Data Controller understands that the Data Provider’s data represents value, thus makes every effort to protect it during data processing.

The personal data shared with the Data Controller may be shared with collaborating or acting third parties if necessary to achieve the purpose for which the Data Provider shared their data. The Data Controller may also transfer the Data Provider’s personal data to third parties if it enhances the effective service of the Data Provider, or if the mentioned third party or parties process the relevant data on behalf of the Data Controller.

The Data Controller ensures that these third parties adequately handle and protect the information and data provided by the Data Provider.

The Data Controller may transfer personal data to third-party data processors who provide adequate technical and organizational guarantees. Following generally accepted data protection practices, the Data Controller may use external service providers for regular server maintenance, data storage, or other IT tasks.

The Data Controller shares the received information with a third party only if:

  • They have the Data Provider’s consent;
  • Required by law for the Data Controller; or
  • Necessary for legal proceedings, related to legal proceedings, or for the exercise or defense of legal rights guaranteed by law.

By transferring personal data, the Data Provider explicitly consents to the transfer of the data in this manner and warrants that they are entitled to transfer the personal data to Data Processors for such purposes.

Once the conditions for the lawful processing or transfer of data cease, the Data Controller will promptly delete the personal data from its database and send a notification to the Data Provider regarding the deletion.

10. DATA SECURITY

The Data Controller treats all data, both stored in electronic information systems and traditional paper-based data carriers, with the utmost care, strictly confidentially, and strives to protect it by all lawful means, especially against unauthorized access, alteration, transmission, disclosure, misuse, deletion, or destruction, as well as accidental destruction and damage, through technical and organizational measures.

The Data Processors, the Data Controller’s partners, and the Data Controller itself ensure the protection of the data and use it strictly for its intended purpose. The processed data is accessible to those authorized, ensuring data authenticity and validation, data immutability, and protection against unauthorized access.

The Data Controller ensures the security of data with technical, organizational, and structural measures that provide an appropriate level of protection for the risks associated with data processing. The Data Controller ensures the protection of the personal data it processes through adequate confidentiality commitments, technical, and security measures. Only data processors with appropriate authorization and confidentiality commitments have access to personal data.

Given that the confidentiality, integrity, and availability of data transfer through the website are not solely within the Data Controller’s control, it does not take full responsibility for it. The Data Controller complies with strict regulations regarding the security of the Data Provider’s data and the prevention of unlawful access to incoming data.

11. DATA OF VISITORS TO THE HTTPS://WWW.RETROLANGOS.HU WEBSITE

  • Purpose of data processing: During the visit to the website https://www.retrolangos.hu, the service’s fulfillment, operation monitoring, and preventing misuse by recording visitor data.
  • Legal basis for data processing: The consent of the affected person, and Sections 5-6 of the 2011 Act CXII on the right to informational self-determination and freedom of information.
  • Scope of processed data: date and time of visit, title of the visited and previously visited page, operating system, and browser type, IP address.
  • Duration of data processing: 180 days from viewing the website.
  • The HTML code of the portal available at https://www.retrolangos.hu contains links pointing to and arriving from external servers independent of the Data Controller. Due to the direct connection to their servers, the providers of these links can collect user data.
  • The independent measurement of the website’s visit statistics and other web analytics data is provided by an external service provider (Google Analytics). The service provider provides detailed information on the handling of measurement data.

12. NEWSLETTER

The Data Provider consents by ordering the restaurant service and providing an email address to receive notifications and information related to the Data Controller’s activities in the form of newsletters. Subscription is voluntary and can be withdrawn at any time through the link provided in the newsletter or by sending a reply email.

The Data Controller creates a database from the contact details (company name, name, position, corporate email address) provided by individuals representing companies, and regularly sends newsletters to the organizations included in the database (to the corporate email addresses of the contacts) about the topics marked by them or which the Data Controller deems may be of interest to them. The contact details provided during the subscription are stored in the Data Controller’s customer relationship management system, located on servers within the European Union, in Hungary, handled confidentially, not disclosed to unauthorized persons, and not made available to them.

Newsletters are therefore addressed not to the contacts as individuals but to the organizations linked to them, thus, the data provided and processed for this purpose are stored and managed as data for maintaining contact with the Data Provider, so personal data processing does not occur.

Retro Lángos reserves the right to exclude anyone from the newsletter distribution at any time.

The Data Controller processes the data as long as the Data Provider requests their deletion in the specified manner.

13. SOCIAL MEDIA

The Data Controller maintains a social media page to introduce and promote its services. Communication on the Data Controller’s social media page does not constitute a fact that creates rights or obligations, does not serve for contract conclusion, or request for an offer.

The Data Controller does not manage personal data published by visitors on its social media page. The visitors are subject to the Data Protection and Service Conditions of the social media site. Availability: http://www.facebook.com/about/privacy/

In the case of publishing unlawful or offensive content, the Data Controller may exclude the individual from the members or delete their comment without prior notice. Retro Lángos is not responsible for any infringing content or comments published by users on the social media page. The Data Controller is not responsible for any errors, disruptions, or problems arising from changes in the system operation of the social media page.

14. COOKIES

The Data Controller uses cookies for the optimal operation of the website and the online request service, allowing its servers to place a cookie (unique identifier file) on the user’s computer when visiting the website. Users do not receive separate notification of this event. Cookies are used exclusively to facilitate the technical identification of the user and the visitor of the website and to operate personalized services, not for other purposes. Disabling cookie acceptance by the user – the exact method of which is guided by the user’s browser manual – does not prevent the use of the Data Controller’s services but may affect certain functions on the website.

15. DATA PROVIDER’S RIGHTS RELATED TO DATA PROCESSING

15.1. Request for Information The Data Provider may request information about their personal data provided and managed by the Data Controller, their source, the purpose, legal basis, duration of data processing, the name and address of the data processor, and their activities related to data processing, as well as the legal basis and recipients of data transfer if their personal data is transferred.

The Data Controller provides information – in the interest of the Data Provider’s data security – only in person. Therefore, the request for information can be sent to the Data Controller in writing, in the form of a fully conclusive private document, if sent by post, or via email, with appropriate identifying data. The Data Controller provides the requested information in writing in the most understandable manner within the shortest possible time, but no later than 30 days, to the address provided by the Data Provider.

It is important to note that information on one data set per year is free; for additional information, the Data Controller may charge a reasonable cost reimbursement.

15.2. Rectification If the Data Provider indicates – by providing the corrected personal data simultaneously – that the processed personal data is not accurate, or if the Data Controller becomes aware of the error and the correct data, the Data Controller corrects the personal data. The Data Controller notifies the individual concerned about the correction or the rejection of their correction request.

15.3. Deletion or Blocking The Data Provider is entitled to request the deletion or blocking of their personal data. The Data Controller blocks the personal data if it can be assumed, based on the available information, that deletion would harm the Data Provider’s legitimate interests. The Data Controller processes the blocked personal data only until the purpose of data processing that excluded deletion exists. The Data Controller informs the Data Provider about the deletion or blocking, or about the rejection of their deletion or blocking request.

15.4. Marking The Data Controller marks the personal data it processes if the Data Provider disputes its correctness or accuracy, but the incorrectness or inaccuracy of the disputed personal data cannot be clearly established.

15.5. Objection The Data Provider – except in cases of mandatory data processing – is entitled to object to the processing of their personal data,

  • if the processing or transfer of personal data is solely necessary for the fulfillment of a legal obligation of the Data Controller or for enforcing the legitimate interest of the Data Controller, or a third party; or
  • if the use or transfer of personal data is for direct marketing, public opinion polling, or scientific research purposes, provided they have not consented to it; or
  • in other cases specified by law.

The Data Controller examines the objection within the shortest possible time, but no later than 15 days from the submission of the request, decides on its justification, and informs the applicant in writing of its decision.

If the objection is justified, the Data Controller terminates the data processing – including further data collection and data transfer – blocks the data, and notifies all those to whom the personal data affected by the objection was previously transmitted and who are obliged to take action to enforce the right to object.

15.6. Data Portability The Data Provider is entitled to receive the personal data concerning them, provided to the Data Controller, in a structured, widely used, machine-readable format, and to transfer these data to another data controller without the Data Controller hindering this, if the data processing is based on the Data Provider’s consent and the processing of their personal data is carried out automatically by the Data Controller.

15.7. Refusal of Cooperation Regarding Direct Marketing The Data Provider is entitled to refuse cooperation regarding direct marketing letters, the so-called direct marketing letters, at any time without justification. In this context, they are entitled to refuse or prohibit the inclusion of their name data in the contact or business acquisition list, use for direct business acquisition – or for specified purposes within it – and transfer to a third party.

16. NOTIFICATION OF DATA CHANGES

The Data Provider is entitled and obliged to report changes to the data processed by the Data Controller within their disposition within 15 days. The Data Provider is fully responsible for the consequences of failing to report such changes.

17. WITHDRAWAL OF CONSENT

If the legal basis for data processing is the consent of the Data Provider, the consent to data processing can be withdrawn at any time, which does not affect the legal basis of data processing before the withdrawal of consent. If the legal basis for data processing is solely the consent of the Data Provider, after withdrawing the consent, the Data Controller will no longer process the personal data, and they will be deleted from all records of the Data Controller.

By giving their consent, the Data Provider authorizes the Data Controller to manage their email address and name to send the requested newsletters, information materials electronically, and contact the Data Provider at the provided contact details. The Data Provider explicitly consents to the Data Controller managing and processing the provided data for marketing purposes until the Data Provider withdraws their consent, which can be withdrawn at any time, without restriction and justification, free of charge:

  • By clicking on the “Unsubscribe” button at the bottom of the electronic letter received through the linked unsubscribe link,
  • By sending an email to info@retrolangos.hu.

and may initiate the deletion of the data provided by the Data Provider and stored by the Data Controller.

Giving consent is voluntary, considering the above information.

18. RIGHT TO LEGAL REMEDY

The Data Provider can contact the National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet fasor 22/c., mailing address: 1530 Budapest, Pf.: 5) with a complaint or with questions related to data processing and can turn to court for legal remedies.

19. RESTRICTION OF RIGHTS

The rights mentioned above can be restricted based on legal provisions, in exceptional cases, to protect the rights of the Data Provider or others.

The Data Controller provides data contrary to the Data Provider’s data processing statement only and exclusively upon the request of authorities authorized by law and in cases specified by law.

20. HANDLING DATA PROTECTION INCIDENTS

To prevent and manage data protection incidents and comply with the relevant legal provisions, the Data Controller logs access and access attempts on the IT systems and continuously analyzes and monitors them.

Data protection incidents can be reported to the Data Controller’s email address or phone number specified in point 2, where contracting partners and Data Providers can report the underlying events and security weaknesses. In case of reporting a data protection incident, the Data Controller will promptly investigate the report, identifying whether it is a real incident or a false alarm.

In case of a data protection incident, the Data Controller delimits, isolates, and ensures the collection and preservation of evidence supporting the occurrence of the incident. Subsequently, the Data Controller begins to restore damages and re-establish lawful operation.

The Data Controller keeps records of data protection incidents, including: a) the scope of the Data Provider’s personal data; b) the scope and number of affected Data Providers; c) the date of the data protection incident; d) the circumstances, effects of the data protection incident; e) measures taken to remedy the data protection incident; f) other data specified by law related to data processing.

Data on data protection incidents must be retained for 5 years.

21. OTHER PROVISIONS

The Data Controller reserves the right to unilaterally modify this data protection information at any time. The Data Provider will be clearly informed in writing of any changes to the information at one of their provided contact details, and, if necessary, the Data Controller will obtain consent.

In case of questions or comments, the Data Provider can contact the Data Controller at any of the contact details provided in this information.

Dated: Budapest, January 1, 2024.

Home Delivery

         

Our Address

1065 Bp, Bajcsy-Zsilinszky 25.

Opening Hours

Monday – Sunday: 11:00 – 22:00