Privacy Notice

Privacy Notice

DORINKA Fashion Korlátolt Felelősségű Társaság (registered office: 1143 Budapest, Hungária körút 83.; company registration number: 01-09-389178; VAT number: 27415201-2-42; hereinafter referred to as the “Data Controller”) as the Data Controller hereby informs the customers (hereinafter referred to as the “Data Subject“) who shop through the Data Controller’s webshop about the processing of their personal data, in accordance with Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”).

  1. Company name and contact details of the Data Controller:

DORINKA Fashion Korlátolt Felelősségű Társaság (registered office: 1143 Budapest, Hungária körút 83.; company registration number: 01-09-389178; VAT number: 27415201-2-42)

E-mail: dorinadobor@dorinadobor.com

Website: www.dorinadobor.com

  • Terms and definitions relating to the Data Controller’s services and the data processing activities

“personal data”: any information relating to an identified or identifiable natural person (Data Subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

“Data Controller”:the natural or legal person or unincorporated body which, alone or jointly with others, determines the purposes for which the data are to be processed, takes and executes decisions regarding the data processing (including the means used) or has them executed by a Data Processor, within the limits set by law or by a legally binding act of the European Union;

“data processing”: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

the Data Subject’s consent”: a freely given, specific, informed and unambiguous indication of his/her wishes by which the Data Subject signifies, by a statement or by an act expressing his/her unambiguous consent, that he/she signifies his/her agreement to the processing of personal data concerning him/her;

“Data Processor”: a natural or legal person or an unincorporated body which processes personal data on behalf of or under the instructions of the Data Controller, within the limits and under the conditions laid down by law or by a legally binding act of the European Union;

data processing”: all data processing operations carried out by a Data Processor acting on behalf of or under the instructions of the Data Controller;

“data transfer”: the making available of data to a specified third party;

disclosure to the public”: making the data available to anyone;

data erasure“: rendering the data unrecognisable in such a way that it is no longer possible to recover it;

profiling”: any processing of personal data by automated means intended to evaluate, analyse or predict personal aspects relating to the data subject, in particular his/her performance at work, economic situation, health, personal preferences or interests, reliability, behaviour, location or movements;

recipient”: a natural or legal person, public authority, agency or any other body to whom or with which personal data are disclosed, whether or not a third party. Public authorities that may have access to personal data in the context of an individual investigation in accordance with the EU or Member State law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the data processing;

data breach”: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

  • Principles and basic provisions
    • Legality, fairness and transparency

The processing of personal data must be lawful, fair and transparent for the Data Subject. (Article 5(1)(a) of the GDPR)

  • Tied to specific purpose

Personal data may be collected only for specified, explicit and legitimate purposes, for the exercise of rights and the performance of obligations and may not be processed in a way incompatible with those purposes. Only personal data that is necessary for the purpose of the data processing and is suitable for achieving that purpose may be processed. Personal data may be processed only to the extent and for the duration necessary for the purposes for which they are collected. (Article 5(1)(b) of the GDPR)

  • Data economy

The personal data must be adequate, relevant and limited to what is necessary for the purposes for which they are processed. (Article 5(1)(c) of the GDPR)

  • Accuracy

The personal data must be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are inaccurate for the purposes for which they are processed are erased or rectified without undue delay. (Article 5(1)(d) of the GDPR)

  • Limited retention period

Personal data should be kept in a form which permits the identification of the Data Subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data should be kept for longer periods only if the personal data are processed for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes in accordance with the applicable law, subject to the implementation of appropriate technical and organisational measures required by the GDPR to safeguard the rights and freedoms of the Data Subjects. (Article 5(1)(e) of the GDPR)

  • Integrity and confidentiality

Personal data must be processed in such a way as to ensure the adequate security of the personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by using appropriate technical or organisational measures. (Article 5(1)(f) of the GDPR)

  • Accountability

The Data Controller is responsible for compliance with the data processing principles and must be able to demonstrate such compliance (Article 5(2) of the GDPR)

  • The scope of the personal data processed, the legal basis for the data processing, the purpose and duration of the data processing:
The scope of personal data processedLegal basis for the data processingPurpose of the data processingDuration of the data processing
For a natural person: User name; Full name; Electronic notification address (email address); Password. For a legal person: User name; Contact person’s full name; Electronic notification address (email address); Password.Pursuant to Article 6(1)(a) of the GDPR. Create and manage user accounts on the webshop of the Data Controller.Until consent is withdrawn.
For a natural person: Full name; Electronic notification address (email address), Phone number. For a legal person: Name of the legal person; Registered office; Registration number; VAT number; Contact name; E-mail address; Phone number.Pursuant to Article 6(1)(b) of the GDPR. Article 13/A(3) of the Electronic Commerce Act.Ordering a product that can be purchased from the Data Controller’s webshop.The general limitation period after performance is 5 (five) years (Article 6:22(1) of the Civil Code).
For a natural person: Full name; E-mail address; Phone number; Shipping name; Shipping address. For a legal person: Name of the legal person; Registered office; Registration number; VAT number; Contact name; Phone number; Shipping name; Shipping address.Pursuant to Article 6(1)(b) and (c) of the GDPR. Article 13/A(3) of the Electronic Commerce Act.Delivery, fulfillment and invoicing of products purchased from the Data Controller’s webshop.The limitation period is 5 (five) years after performance. Pursuant to the Accounting Act, the data processed for the purpose of issuing and storing the accounting document shall be processed for a period of 8 (eight) years after the termination of the contract (Article 169(2) of the Accounting Act).The management and retention of accounting documents until the right to assess tax has expired, i.e. for 5 (five) years from the end of the year in which the tax return based on the document was filed (Article 47(1), Article 164(1)).
For a natural person: Full name; Electronic notification address (email address), Phone number. For a legal person: Name of the legal person; Registered office; Registration number; VAT number; Contact name; E-mail address; Phone number.Pursuant to Article 6(1)(f) of the GDPR.Enforcement of the claims of the Data Controller arising from the above legal relationships (management of receivables, collection, enforcement of other claims)The performance or, if a claim has been asserted by or against the Data Controller in relation to the Data Subject, the general limitation period is 5 (five) years following the final adjudication of the claim (Article 6:22(1) of the Civil Code).
Unique identifier (IP); Date; Times.Pursuant to Article 6(1)(a) of the GDPR. With the exception of webshop-specific cookies called “shopping cart cookies” and “security cookies”, which do not require prior consent from Data Subjects.Tracking visitors to the webshop.Until consent is withdrawn.
Full name; E-mail address.Pursuant to Article 6(1)(a) of the GDPR.Sending electronic newsletters about the products and services marketed by the Data Controller to the Data Subjects who have given their prior express consent to receive electronic newsletters.Until consent is withdrawn.
Full name; Address; Place, time and method of lodging the complaint; E-mail address;  Billing name and address.Pursuant to Article 6(1)(c) of the GDPR. Pursuant to Article 17/A (5) of Act CLV of 1997.Handling quality complaints and problems related to the products ordered and received from the Data Controller.Copies of the record, transcript and reply to the recorded objection shall be kept for 3 (three) years pursuant to Article 17/A(7) of Act CLV of 1997 on Consumer Protection.

The Data Subject may withdraw his/her consent at any time. The withdrawal of consent does not affect the lawfulness of the data processing prior to the withdrawal.

  • Cookies used in the webshop:
Type of cookiesCookie nameService providerExpiry of the data processing
__qcaCookieQuantcast30 days
euconsent-v2CookieQuantcast30 days
qcSxcCookieQuantcast30 days
  • Security of the data processing

The Data Controller and the Data Processor it uses shall implement appropriate technical and organisational measures to ensure a level of data security appropriate to the scale of the risk, taking into account the state of science and technology and the cost of implementation, the nature, scope, context and purposes of the processing, and the varying degrees of probability and severity of the risk to the rights and freedoms of natural persons.

The Data Controller shall ensure the security of the personal data of the Data Subjects and shall take the technical and organisational measures and establish the procedural rules necessary to enforce the GDPR, the Information Act and other data protection and confidentiality rules.

The Data Controller shall take appropriate measures to protect the personal data against, in particular, unauthorised access, alteration, disclosure, transmission, disclosure, erasure or destruction, accidental destruction or damage and inaccessibility resulting from changes in the technology used.

All persons involved in the data processing must exercise the utmost care in their work to ensure the authenticity and preservation of the data and to prevent unauthorised access.

Everyone should have access only to the data they need to do their job, and only to the extent they need it.

In order to protect the electronically managed data files in the different registers, the Data Controller shall ensure by appropriate technical means that the data stored in the registers cannot be directly linked and attributed to the Data Subject, unless permitted by law.

In order to maintain security and prevent processing in breach of the GDPR or the Information Act, the Data Controller shall assess the risks inherent in the nature of the data processing and, where necessary, apply additional measures to mitigate those risks, such as encryption, pseudonymisation. Currently, the Data Controller does not apply such measures.

The Data Controller shall select and operate the IT tools used to process the personal data in the course of providing its services in such a way that the personal data processed:

  • is accessible to the authorised persons (“availability”);
  • the authenticity and verification of the data (“authenticity of the data processing”) is ensured;
  • the data is protected against unauthorised access (“data confidentiality”).

The Data Controller shall check the following during the data processing:

  • confidentiality: it shall protect the Data Subject
  • the unchanged nature of the data can be verified (“data integrity”);
  • ‘s personal data so that only those who are entitled to access it have access to it;
  • integrity: it shall protect the accuracy and completeness of the information and the method of the data processing;
  • availability: it shall ensure that when an authorised user acting on behalf of the Data Controller needs it, he/she has effective access to the information requested and the means to do so.

In order to enforce and ensure the conditions of data security, the Data Controller shall ensure the adequate and regular training and further training of the employees, subcontractors and personal contributors concerned.

  • Automated decision-making (including profiling):

No automated decision making, including profiling, takes place during the data processing.

  • Transfer of the personal data, recipients of the personal data and categories of the recipients:

The Data Controller uses the following Data Processor in connection with the data processing:

  • DORINKA Fashion Kft., its data processing related activities: webshop operation; e-mail address: dorinadobor@dorinadobor.com
  • OTP Mobil Szolgáltató Kft., its data processing related activities: online payment system; e-mail address: ugyfelszolgalat@simple.hu
  • hu Kft. (Számlázz.hu), its data processing related activities: online billing program; e-mail address: info@szamlazz.hu
  • GLS Fashion Kft., its data processing related activities: transport, forwarding; e-mail address: info@gls-hungary.com

UPS Magyarország Kft., its data processing related activities: transport, forwarding; e-mail address: upshungary@ups.com

  • SPRINTER Futárszolgálat Kft., its data processing related activities: transport, forwarding; e-mail address: info@sprinter.hu
  • DPD Fashion Kft., its data processing related activities: transport, forwarding; e-mail address: dpd@dpd.hu
  • LOTTE Fuvarozó és Szolgáltató Korlátolt Felelősségű Társaság., its data processing related activities: transport, forwarding; e-mail address: info@lottehungary.com

The personal data will be transferred to the following recipients:

The personal data will not be transferred to a third country (i.e. outside the European Union) or to an international organisation.

  • Data transmission

Within the Data Controller’s organisation, the personal data of the Data Subjects may only be transferred in accordance with the purpose limitation principle and access to such data may only be granted for an appropriate purpose.

The Data Controller may use the personal data of the Data Subjects for direct marketing or information purposes, in particular for its own commercial purposes, only with the explicit and prior consent of the Data Subject.

General rules on the transfer of data to third parties other than the Data Controller:

Personal data may be transferred to third parties only on the basis of a legal authorisation or with the prior consent of the Data Subject.

Prior to the data transfer, the Data Controller is obliged to check whether the legal conditions for the data transfer are met and whether the conditions for the processing of each personal data are met after the transfer.

The Data Protection Officer must be involved in the examination of the lawfulness of the data transfer before the transfer is made to the same Data Controllers for the same Data Subject and for the same purpose. Subsequent data transfers do not require a specific investigation.

Data transfers abroad or to a third country:

Prior to the data transfer, the Data Controller, with the involvement of the Data Protection Officer, is obliged to verify that the legal conditions for the data transfer are met and that the conditions for the data processing are met for each personal data subject to the transfer.

Pursuant to Article 13(1)(f) of the GDPR, the Data Controller states that at the date of entry into force of this Privacy Notice, it does not transfer any data processed by it to an international organisation.

Pursuant to Article 13(1)(f) of the GDPR, the Data Controller states that, at the date of entry into force of this Privacy Notice, in the case of air transportation to a third country of a person cared for by the Data Controller, or to another country for the purpose of organising care, the Data Controller will only transfer personal data to the air traffic controller or ground ambulance service or the Data Subject’s close family members in accordance with this Privacy Notice, if at least one of the following conditions are met:

  • the Data Subject has given his/her explicit consent to the envisaged data transfer after having been informed of the potential risks of the data transfer – due to the lack of a conformity decision and appropriate safeguards -;
  • the data transfer is necessary for the performance of a contract between the Data Subject and the Data Controller or for the implementation of pre-contractual measures taken at the request of the Data Subject;
  • the data transfer is necessary to protect the vital interests of the Data Subject or of another person and the Data Subject is physically or legally incapable of giving consent.

In any other cases, the Data Controller will not transfer data it processes to third countries.

Provision of data following a request from a public authority

On the basis of a request for data from the official bodies (in particular, but not exclusively, courts, prosecutors’ offices, investigating authorities, law enforcement authorities, administrative authorities, the National Authority for Data Protection and Freedom of Information, or other bodies authorised by law), the Data Controller shall provide information, disclose data, transfer data or make documents available – in the manner and with the content specified therein – if the request for data from the requesting authority is, to the best of the Data Controller’s knowledge, likely to be lawful. The Data Controller excludes any further liability for any unlawful transmission of personal data to the official bodies.

The personal data processed by the Data Controller may be transferred without the consent of the Data Subject in the following cases:

  • to bodies (conciliation bodies, supervisory authorities, etc.) entitled by law to settle any disputes between the Data Controller and the Data Subject;
  • to the authorised body, upon request of a body authorised to access the data by a specific law, if the Data Subject is unable to give his/her consent for reasons beyond his/her control, in order to protect the vital interests of the Data Subject or of another person, or to prevent or counter a threat to the life, physical integrity or property of a person;
  • to legal representatives (law firms) involved in the enforcement of the Data Controller’s rights;
  • in the event of (sub)assignment by the Data Controller to third parties of a claim against the Data Subject or a company represented/owned by the Data Controller, the data concerning the claims concerned and the debtors of the claims to the assignee or the person making an offer for the claim;
  • by the Data Controller to any other administrative body, authority, court, bailiff who is (are) conducting any legal proceedings necessary for the recovery of the claim in order to enforce the claim against the Data Subject or the company represented/owned by the Data Subject;
  • to other public authorities to which the provision of information is required by the legislation in force, in the manner and to the extent provided for by such legislation;
  • to other persons or organisations who, on behalf of the Data Controller, are otherwise involved as Data Processors in the preparation or performance of a contractual relationship between the Data Subject and the Data Controller.

I acknowledge that the following personal data stored by the Data Controller DORINKA Fashion Korlátolt Felelősségű Társaság (registered office: 1143 Budapest, Hungária körút 83.) in the user database of dorinadobor.com will be transferred to OTP Mobil Kft. as Data Processor. The data transmitted by the Data Controller are the following: [name, e-mail address, billing address, delivery address, phone number]. The nature and purpose of the data processing activities carried out by the Data Processor can be found in the SimplePay Privacy Notice, at the following link: https://simplepay.hu/vasarlo-aff

  1. Data breach

A data breach is a breach of security within the meaning of the GDPR that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Any employee, Data Processor or other person involved in the processing of the personal data who becomes aware of a personal data breach shall notify the Data Controller without delay to the Data Controller’s representative or the Data Protection Officer, who shall promptly investigate and propose the necessary measures and ensure and monitor the implementation of the measures set out below.

Reporting a data breach:

The Data Controller shall notify the data breach to the competent supervisory authority (NAIH) without undue delay and, if possible, no later than 72 hours after becoming aware of the data breach, unless the data breach is unlikely to pose a risk to the rights and freedoms of natural persons. If the notification is not made within 72 hours, it must be accompanied by the reasons justifying the delay.

The information provided must include:

  • the nature of the incident, including – where possible – the categories and approximate number of Data Subjects and the categories and approximate number of data affected by the incident;
  • the name and contact details of the Data Controller’s representative or Data Protection Officer as contact person;
  • the likely consequences of the data breach;
  • the measures taken or envisaged by the Data Controller to remedy the personal data breach, including, where applicable, measures to mitigate any adverse consequences of the personal data breach.

Informing the Data Subjects:

Where the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the representative of the Data Controller shall, without undue delay, inform the Data Subject of the personal data breach, indicating its nature, the name and contact details of the Data Controller’s contact person, the likely consequences and the measures taken or envisaged to remedy or mitigate the personal data breach, unless one of the cases provided for in Article 34(3) of the GDPR applies.

Investigating and handling data breaches:

The person in charge of the process that handles or processes the data must inform the Data Controller’s representative or the Data Protection Officer of the measures taken to remedy the data breach immediately after the implementation of the measures in question, but no later than within 2 (two) working days.

Registration of data breaches:

The Data Controller shall keep a record of the data breaches, which shall include the facts relating to the data breach, its effects and the measures taken to remedy it.

  1. The Data Subject’s rights in relation to the data processing:

The Data Subject may request the Data Controller to:

  1. a) provide access to the personal data concerning him/her,
  2. b) rectify his/her personal data; and
  3. c) the erase or restrict the processing of his/her personal data, except for mandatory data processing.

Right of access:

The Data Subject has the right to receive feedback from the Data Controller as to whether or not his/her personal data are being processed and, if such processing is ongoing, the right to access the personal data. The Data Controller shall provide the Data Subject with a copy of the personal data subject to the data processing. For additional copies requested by the Data Subject, the Data Controller may charge a reasonable fee based on the administrative costs. If the Data Subject has submitted the request by electronic means, the information shall be provided in a commonly used electronic format, unless the Data Subject requests otherwise.

Right to rectification:

The Data Subject shall have the right to obtain from the Data Controller, upon his/her request, the rectification of inaccurate personal data relating to him/her without undue delay.

Right to erasure:

The Data Subject shall have the right to obtain from the Data Controller, upon his/her request, the erasure of personal data relating to him/her without undue delay, and the Data Controller shall be obliged to erase the personal data relating to the Data Subject without undue delay if one of the following grounds applies:

  1. a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  2. b) the Data Subject withdraws his/her consent on the basis of which the data processing is based in accordance with Article 6(1)(a) or Article 9(2)(a) of the GDPR and there is no other legal basis for the data processing;
  3. c) the Data Subject objects to the data processing on the basis of Article 21(1) of the GDPR and there are no overriding legitimate grounds for the data processing, or the Data Subject objects to the data processing on the basis of Article 21(2) of the GDPR;
  4. d) the personal data have been unlawfully processed;
  5. e) the personal data must be erased in order to comply with a legal obligation under EU or Member State law to which the Data Controller is subject;
  6. f) the personal data have been collected in connection with the provision of information society services referred to in Article 8(1) of the GDPR (conditions for the consent of the child).

Right to the restriction of the data processing:

The Data Subject shall have the right to obtain from the data Controller, at his/her request, the restriction of the data processing if one of the following conditions is met:

  1. a) the Data Subject contests the accuracy of the personal data, in which case the restriction shall apply for the period of time necessary to allow the Data Controller to verify the accuracy of the personal data;
  2. b) the data processing is unlawful and the Data Subject opposes the erasure of the data and requests instead the restriction of their use;
  3. c) the Data controller no longer needs the personal data for the purposes of the data processing, but the Data Subject requires them for the establishment, exercise or defence of legal claims; or
  4. d) the Data Subject has objected to the data processing pursuant to Article 21(1) of the GDPR; in this case, the restriction shall apply for the period until it is determined whether the legitimate grounds of the Data Controller prevail over the legitimate grounds of the Data Subject.

If the data processing is restricted, such personal data, except for storage, may only be processed with the consent of the Data Subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the EU or of a Member State.

Right to data portability:

The Data Subject is also entitled to receive the personal data concerning him/her which he/ she has provided to the Data Controller in a structured, commonly used, machine-readable format and to transmit such data to another data controller without hindrance from the Data Controller to which he/she has provided the personal data, if: (i) the data processing is based on Article 6(1)(a) of the GDPR, or on the consent within the meaning of Article 9(2)(a) of the GDPR, or on a contract within the meaning of Article 6(1)(b) of the GDPR; and (ii) if the data processing is carried out by automated means.

Right to object:

The Data Subject shall have the right to object at any time, on grounds relating to his/her particular situation, to the processing of his/her personal data based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions. In this case, the Data Controller may no longer process the personal data, unless the Data Controller proves that the data processing is justified by compelling legitimate grounds which override the interests, rights and freedoms of the Data Subject or are related to the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, the Data Subject has the right to object at any time to the processing of the personal data concerning him/her for such purposes, including profiling, where it is related to direct marketing. If the Data Subject objects to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for these purposes.

General rules on the exercise of the rights of the Data Subject:

The Data Controller shall inform the Data Subject of the action taken in response to his/her request without undue delay, but no later than one month from the date of receipt of the request. If necessary and taking into account the complexity of the application and the number of requests, this deadline may be extended by a further two months. The Data Controller shall inform the Data Subject of the extension of the deadline within one month of receipt of the request, stating the reasons for the delay. If the Data Subject has submitted the request by electronic means, the information shall be provided by electronic means where possible, unless the Data Subject requests otherwise.

The Data Controller shall provide the Data Subject with information and action free of charge. Where the Data Subject’s request is manifestly unfounded or excessive – in particular because of its repetitive nature – the Data Controller shall, taking into account the administrative costs of providing the information or information requested or of taking the action requested:

  1. a) charge a reasonable fee; or
  2. b) refuse to act on the request.

The burden of proving that the request is manifestly unfounded or excessive lies with the Data Controller.

If the Data Controller has reasonable doubts about the identity of the natural person making the request, it may request additional information necessary to confirm the identity of the Data Subject.

  1. Right enforcement options:

The Data Subject may take the Data Controller to court in case of a breach of his/her rights. The court is acting out of turn in the case. The Data Controller is required to prove that the data processing complies with the law. The court, in the capital the Metropolitan Court, has jurisdiction to hear the case. The action may also be brought before the courts of the place of residence or domicile of the Data Subject.

The Data Controller shall compensate for any damage caused to others by the unlawful processing of the Data Subject’s data or by breaching the requirements of data security. The Data Controller shall be exempted from liability if it proves that the damage was caused by an unavoidable cause outside the scope of the data processing. No compensation is payable if the damage was caused intentionally or by gross negligence on the part of the victim.

The Data Subject may also contact the National Authority for Data Protection and Freedom of Information in the event of a complaint regarding the processing of his/her personal data (Dr. Attila Péterfalvi, President of the National Authority for Data Protection and Freedom of Information, postal address: 1363 Budapest, Pf.: 9., address: 1055 Budapest, Falk Miksa utca 9-11.; Phone: +36 (1) 391-1400; Fax: +36 (1) 391-1410; E-mail: ugyfelszolgalat@naih.hu; website: www.naih.hu).