Information on data processing during error report

Wellis Magyarország Zrt. (registered office: 1118 Budapest, Budaörsi út 31/C., company registration number: 01-10-048882, tax number: 25584864-2-43, e-mail:, represented by: Chief Executive Officer Zolt Czafik, name and contact details of the data protection officer: Dr. Krisztián Bölcskei, available by post at the Data Controller’s registered office, by e-mail to the address), as data controller, hereby informs you about the relevant details and other material facts of data processing during service and error reporting:

Data processing during error report
Purpose: receiving, processing and resolving error reports
Legal basis: data processing is necessary for fulfilling contracts where the data subject is a party (Article 6 (1) b) of the GDPR)

fulfilling a legal obligation in the case of report qualified as consumer complaint (Article 6 (1) c) of the GDPR), complaint management under Act CLV of 1997

Data subjects: All natural persons who can be identified based on the data provided upon service and error report
Source of data: data subjects
Scope of processed data (in case of report via website) Purpose Storage period
Contact details 5 years
name* identification and addressing
phone number* identification and keeping contact
e-mail address*
address* identification
Error report data:
Answer to the question whether commissioning was done by Wellis warranty
date of purchase product identification
name of selling organisation*
invoice number*
Wellis order number
Product name*
Error description*
Date of submission* troubleshooting
Transfer of data: it is basically not done, it can only take place to an authority, court, conciliation body or legal representative, if necessary
Automated decision-making, profiling: Not done.
Other: Error can be reported on a website through a form, via e-mail and on the phone. If you have called Wellis’ fixed telephone line, the information on data processing via the fixed telephone line also applies.

In connection with the data marked with *, the Data Controller draws the attention to the fact that they are essential elements of data processing, and all of them are necessary for data processing.

How does the Data Controller ensure data protection?


Within the scope of its tasks related to IT protection, the Data Controller shall in particular ensure the following:

  1. refusing access of unauthorised persons to data processing equipment (hereinafter: “data processing system”),
  2. preventing the unauthorised reading, copying, modification and removal of data carriers,
  3. preventing the unauthorised input of personal data into the data processing system and the unauthorised access, modification or erasure of personal data stored therein,
  4. preventing the use of data processing systems by unauthorised persons using data transfer equipment,
  5. that persons authorised to use the data processing system have access only to the personal data specified in the access authorisation,
  6. ensuring control and verification of which personal data were, or can be forwarded, or were made or can be made available to which recipient by using data transfer equipment,
  7. that it can be verified and established subsequently which personal data were entered into the data processing system, when and by whom
  8. preventing unauthorised reading, copying, modification or erasure of personal data upon data transfer or data carrier transportation
  9. that the data processing system can be recovered in the event of a breakdown.
  10. that the data processing system is operational, that errors in its operation are reported and that the stored personal data cannot be altered even by operating the malfunctioning system.


What rights do the data subjects have?


  1. The relationship between the data subjects’ rights and the legal basis/bases is shown in the table below to make it clear to the data subjects what rights they can exercise in the case of the legal basis used.
Right to prior information Right of access Right to rectification Right of erasure Limitation Data portability Objection Withdrawal of consent
Legal obligation

Right of access (Article 15 of the GDPR)

The data subjects have the right to obtain feedback from the Data Controller as to whether or not their personal data are being processed, and if this is the case, they have the right to access the personal data and information about the circumstances of data processing. Where personal data are transferred to a third country or to an international organisation, the data subject has the right to be informed about the appropriate safeguards pursuant to Article 46 relating to the transfer. The Data Controller makes a copy of the personal data – that are subject to data processing – available to the data subject if requested by the data subject.


Right to withdraw consent (Article 7 of the GDPR)

The data subject has the right to withdraw their consent at any time. The withdrawal of consent shall not affect the lawfulness of processing that was carried out based on consent before its withdrawal.


Right to rectification (Article 16 of the GDPR)

The data subject has the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning him or her.


Right to object (Article 21 of the GDPR)

The data subjects have the right to object – at any time, on grounds relating to their particular situation – to the processing of their personal data based on Article 6 (1) e) or f) of the GDPR.

In this case, the Data Controller may not process the personal data further, unless it proves that the processing is justified by legitimate reasons which override the interests, rights and freedoms of the data subject.


Right to restrict data processing (Article 18 of the GDPR)

The data subject has the right to request the Data Controller to restrict data processing if any of the conditions specified in the GDPR is met, and in this case the Data Controller should not perform any operation on the data other than storage.

If the data subject objected to data processing; in this case, the restriction applies until it is established whether the Data Controller’s legitimate reasons override the data subject’s legitimate reasons.


Right to erasure (right to be forgotten) (Article 17 of the GDPR)

The data subjects have the right to ensure that the Data Controller erases the personal data concerning them without undue delay if the data processing has no purpose, they withdrew their consent and there is no other legal basis, in case of objection there is no overriding legitimate reason for data processing, or if the data have been processed unlawfully, furthermore the data must be erased in order to fulfill a legal obligation. Where the Data Controller has made the personal data public and is obliged to erase the personal data, the Data Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.


Right to data portability (Article 20 of the GDPR)

The data subjects have the right to receive the personal data concerning them and made available to the Data Controller in a structured, widely used, machine-readable format as well as to transfer such data to another data controller without being hindered in this by the Data Controller to whom they provided the personal data, if the legal conditions (legal basis of automated data processing and consent or agreement) exist.


Where and how can the data subjects request detailed information on data processing and transfer, where and how can they exercise their rights?

The Data Controller draws the attention of the data subjects to the fact that they can send requests for information and they can exercise their right to access and other rights via a statement sent to the Data Controller by post (1118 Budapest, Budaörsi út 31/C) or e-mail ( or addressed to the data protection officer. The Data Controller will examine and respond to the statement as soon as possible after receipt, and will take the necessary steps in accordance with the statement, the Internal Privacy Policy and the legal regulations.


Contact details of the authority in case of a complaint (Article 77 of the GDPR):

National Authority for Data Protection and Freedom of Information

Address: 1055 Budapest, Falk Miksa utca 9-11.

Mailing address: 1363 Budapest, Pf. 9.

Phone number: +36 (1) 391-1400

Fax: +36 (1) 391-1410




For more information on your rights and on the details of your complaint to be submitted to the authority, visit the following website:


Should the data subject rights be infringed, the data subjects may also turn to the court competent at their residence and may, inter alia, claim damages. You can find the court competent at your residence here:


Completed: 07.02.2022.