DATA PROTECTION AND DATA MANAGEMENT INFORMATION of the ORIGO Film Group Film Producer Private Limited Liability Company


Please read the Guide carefully to understand how we treat your personal data and to become aware of your rights related to data management. Of course, not all situations apply to you. This Guide provides an overview of all possible situations in which we can cooperate.

When You share personal data with us or we collect personal data about You, we use the data in accordance with this Guide. Please read this information carefully and if you have any questions or concerns about your personal data, please contact us at one of our contact information listed under “Contact” which can be found at the end of this Guide.



The purpose of this Guide is to record the privacy and management principles applied by ORIGO Film Group Film Producer Private Limited Liability Company (hereinafter: ORIGO Film Group Zrt. or the Company) and the Company’s data protection and management policy, which the Company as a Data Controller expresses to be bound by.


This Guide contains the principles related to the management of personal data provided by users on the websites operated by the Company. We provide information about other personal data management (employees and applicants, contact details of business partners, access control and camera system) to the person concerned in any other guide, regulation or data collection.


In developing the provisions of the Guide, the Company has taken particular account of the provisions of Act CXII of 2011 on Right of Informational Self-determination and Freedom of Information. (“Infotv.”) and the provisions of the Act V of 2013 on the Civil Code (“Ptk”) in Act No 2016/679 of the European Parliament and of the Council (“General Data Protection Regulation” or “GDPR”).


About us

Basic terms

What kind of data do we collect and how do we use it?

How do we collect or receive Your data?

Who can have access to Your personal data?

Data processing, external service providers and data transmission

How long will we store Your personal data?

Data security

Links to external sites and signing in through social networks

Social media and content created by users

Your rights and choices

Contact and information on remedies

Final provisions

About us

The Company is responsible for the personal data that You share with us, according to the applicable data protection law, the Company is a “data controller“.

Details of the data controller: ORIGO Film Group Film Producer Private Limited Liability Company (registered office: 1151 Budapest, Felsőkert u. 9, registered by the Budapest Court of Registration, registration number 01-10-045812, represented by Miklós Kele, Chairman of the Board of Directors). You can find the contact details at the end of this Guide under “Contact”.

The following companies may be considered as data controllers by requesting and filing the contact forms set out in this Guide: Origo Properties Ingatlanfejlesztő Kft. (registered office: 1151 Budapest, Felsőkert street 9, company registration number: 01-09-913566), Origo Investment Ingatlanforgalmazó- és Hasznosító Kft.(registered office: 1151 Budapest, Felsőkert street 9, company registration number: 01-09-733821), Origo Rentals Kft. (registered office: 3358 Erdőtelek, land register reference: 685, company registration number: 10-09-028970), Origo Catering Kft. (registered office: 1151 Budapest, Felsőkert street 9, company registration number: 01-09-733821), Origo Film Budapest Kft. (registered office: 1151 Budapest, Felsőkert street 9, company registration number: 01-09-734494), O.F. Omega Kft. (registered office: 2724 Újlengyel, Határ út 12., company registration number: 13-09-169589), O.F. Delta Ltd. (registered office: 3358 Erdőtelek, 685 land register reference building, Company registration number: 10-09-028970), RFD Filmgyártó Kft. (registered office: Újvidék 2724, Határ street 12, company registration number: 13-09-169897). The names of the companies listed in the Guide are collectively: Origo group of companies.


As a data controller, the Company determines, by reason of the nature of request for information on the contact form, which company or companies – by virtue of its scope of activity – it shares the personal data provided by the person concerned and they jointly decide which company provides the information to the person concerned and stores the data. This data management is considered to be joint data management defined by the GDPR as the Company is allowed to transfer the personal data provided by the person concerned, and related to the given service to another data controller, who handles it for the purpose of providing information and providing subsequent and possible service. The tasks and responsibilities relating to the joint data management are defined by the agreement between the data controllers on the basis of which the data management responsibility is distributed among the data controllers as follows: each data controller is responsible for the data management that it manages, in particular that the personal data collected are legally provided for the other data controller. Regardless of this, the person concerned can exercise his or her rights provided by the GDPR regarding each data controller.

Each business of the Origo Group of Undertakings declares that, in matters covered by this Guide, it applies the information contained in this Guide related to its data management activities and expresses that it is bound by it.


Personal data or data: any data or information that allows a natural person to be identified, directly or indirectly.

Personal Information” means information or information parts that are suitable for Your direct (for example Your name) or indirect identification (for instance as pseudonymisation, such as a unique identifier number). This means that personal data include, for example, the email address / address / mobile phone number, usernames, profile pictures, personal preferences and shopping habits, user generated contents, financial information and external features. It can also include unique numeric identifiers such as the computer’s IP address or the MAC address of your mobile device, as well as the cookies.

Data management: irrespective of the method used, any operation or any combination of operations carried out on personal data, such as collecting, recording, systemisation, grouping, storing, modifying, altering, using, retrieving, accessing, applying, communication, transmission, dissemination of personal data or otherwise making it available, alignment or interconnection, restriction, deletion and destruction.

Data controller: the one who determines the purposes and tools of data management, individually or with others.

In case of the services referred to in this Guide, the Company is considered a data controller, if it is a registered company in Hungary.

Data Controller is the website operator.

Data processor: the service provider who manages personal data on behalf of the data controller.

Privacy incident: a security breach which results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise treated.

Webpage: operated by the data controller,,, pages and their sub-pages.

Service(s): services provided by the data controller and provided by the data controller on the websites.

User: the natural person who visits the website and uses the services to provide the personal data to the data controller.

External Service Provider: third party service partners, who are connected – whether directly or indirectly – to the operation of the websites or to the provision of services available through the data controller, to whom personal data are or may be transmitted to ensure their services or who transfer personal data to the data controller. Service providers who do not cooperate with the data handler are also considered external service providers, but by having access to the service’s website, they collect data about the users which may be suitable to identify the user either individually or in combination with other data.

Guide: the data protection and data management information of the data controller.

What kind of data do we collect and how do we use it?

To become able to provide You with the right service, we need to know You. You can therefore share personal data with us in various ways that we collect and retain.


We may collect or receive data from You on our websites, forms, applications, tools, social media, or other means. Sometimes You sometimes give us this directly (for example when You contact us via the email form), sometimes we collect them (for example, using cookies to understand how You use our websites, our applications) and occasionally we get them from third parties.


We treat your personal data in accordance with the principles of good faith, fair dealing and transparency, as well as in accordance with the applicable legislation and the provisions set out in this Guide, and we apply them for the use of services to the extent necessary and exclusively specific for a purpose.



At the same time, You must guarantee that for the purpose of handling personal data provided or made available about other natural persons, You have obtained the consent of the natural person concerned while using the services. For all the data provided by You and for the uploaded and shared user content, all responsibility lies on You you as a user. When You provide Your data, You also assume responsibility that solely You use service from the provided e-mail address or with the information You provide. With respect to this responsibility, any liability associated with an entry with a given e-mail address and / or with data shall be borne exclusively by the user who has provided the e-mail address and the data. The data controller does not check the provided personal data, their trueness is guaranteed by the person who provided it.

When we collect data, the mandatory fields are marked with stars. This information is required to provide You the information you required for the purpose of using a future service (signing a contract). If you do not enter the data marked with stars, this may affect our capability to provide the requested information.

For more details, see the table below

Depending on the purpose of the use of the data, the legal basis for processing the data may be:

  • Your consent or performance of a contract (on inquiry with the help of our contact form on our websites, depending on its content);
  • our legitimate interest (to ensure the security and safety of Your devices – our websites / applications / tools – as well as their proper functioning and continuous development;
  • Other reasons, such as performance of legal obligations.

In case that Your data is handled according to your consent, it always happens with Your voluntary statement, which is based on prior and appropriate information and this statement includes Your explicit consent that Your personal data provided by You, can be used when using the site. You, as a user are entitled to withdraw Your consent at any time in the case of consent-based data handling, which, however, does not affect the lawfulness of data handling before revocation.

At the same time, You must guarantee that for the purpose of handling personal data provided or made available about other natural persons, You have obtained the consent of the natural person concerned while using the services. For all the data provided by You and for the uploaded and shared user content, all responsibility lies on You as a user.

When providing his e-mail address and given data, any user assumes responsibility that solely he uses service from the provided e-mail address or with the information he provides. Regarding this liability, any liability associated with an entry with a given e-mail address and / or with data shall be borne exclusively by the user who has provided the e-mail address and the data.

In addition to Your volunteer’s contribution, the legal basis for data handling under or in connection with the content service may be the performance of the contract because personal data can be handled if it is necessary to complete the step upon the request of the party concerned prior to the conclusion of the contract. Before the contract is concluded, the personal data can be handled on this legal basis, in the case of a request concerning personal data service.


The legal basis for data handling can also be the legitimate interest of the data controller and providing the fundamental rights of information and expression, within the limits set by law. In cases where the legitimate basis of data management is the legitimate interest of the data controller, the data controller has completed and may undertake an interest assessment test in the future that supports that the legitimate interest related to his or her data management is more important than Your data rights and freedoms related to data management.

When entering the website, the data controller records the IP address relating to the service, with due regard to its legitimate interest and the legitimate provision of the service (for example for the purpose of unlawful use or the unlawful content) without Your own consent.

The personal data we manage will not be used for purposes other than those provided in this Guide and, in some cases – referred to in this Guide -, we will not transfer it to third-party service providers, except external service providers.

Exceptions to this rule are the use of data in a statistically aggregated form which cannot contain any other data capable of identifying the user concerned, thus is not considered data management or data transmission.

The data controller may, in certain cases -breach of the interests of the data controller, jeopardising the provision of services, etc. due to official court, police investigations, legal proceedings against copyright, property or other breaches or their reasonable suspicion – make the personal data of the user concerned available to third parties.

The data controller informs the user concerned about the rectification, limitation or deletion of the personal data he or she handles, as well as informs any person to whom he previously transferred the personal data for data processing purposes. Notification may be omitted if it is not contrary to the legitimate interest of the person concerned regarding the purpose of data handling.

For more details on data management, the scope of the data being processed, the purpose and legal basis of the data management, see below.

The type of data management, its source Managed personal data Purpose of data management The legal basis for data handling Period of data handling, deadline for deleting data

Managing cookies while online browsing

Cookies * or similar technologies are pieces of information collected as part of browsing on websites /applications and / or third party websites /applications.


Specific cookies placed on a particular website / application: cookies following browsing habits


* Cookies are small text files stored on Your device (on a computer, tablet, or mobile) while browsing the web.

Unique identification number, dates and times


Depending on the interaction with us, these data may be the following:


Data regarding Your use of websites / applications:

– Where do You visit our website from?

– Login details;

– The pages You have visited;

– Videos You have watched;

– Advertisements that You have clicked or taped on;

– Your place of residence;

– – Your date of visit


Technical information:

– IP address;

– information regarding browser;

– – device information.


The unique identifier for each visitor and the expiration date of such an identifier.

Where relevant, cookies are used with other personal data that You have shared with us for the following purposes:


Ensuring the proper functioning of websites / applications:

– – proper display of content;

– – personalizing the user interface, for example in the case of a language;

– – Parameters related to Your device, including screen resolution, etc.;

– – developing our websites / applications, for example, by testing new ideas.


Providing the protection of the website / application and protecting You against fraud or misuse of our sites / services, such as carrying out troubleshooting.


To run statistics:

– To avoid multiple recording of visitors;

– Learn how users respond to our advertising campaigns;

– Developing better bidding;

– – To find out how You have discovered our websites / applications.


To provide online behaviour-based advertisements:

– Displaying online advertisements about products that You are interested in, based on Your previous behaviour;

– – Show advertisements and contents for You on social media platforms.


To personalize our services:

– submitting recommendations, advertisements or contents based on Your profile and interests;

– – Displaying our websites / applications in a personalized way, such as remembering the logging in, language, cookies for user interface customization (for example device-related parameters, including screen resolution, font preferences, etc.).


To allow sharing of our content in social media (sharing buttons for website display).

Legitimate interest

GDPR Article 6 (1) (f)

to ensure that we provide websites / applications, advertisements and communications that work properly and are constantly evolving, for cookies that are (i) essential to the functioning of our websites / applications, (ii) ensure the security and protection of our websites / applications.

The consent of the person concerned,

for all other cookies, Article 6 (1) (a) GDPR and Infotv. Article 5 (1).

The period until the relevant visitor session is closed
Handling of data provided during inquiries (via the contact form through the website)

Depending on the interaction with us

– Last name and first name,

– e-mail address

– Phone number

– E-mail address

-Other information that You have shared about Yourself in connection with Your question (which may include specific information as well).

To answer Your questions, to improve our services, if necessary, to connect with the appropriate services

The consent of the person concerned, Article 6 (1) (a) of the GDPR and Infotv. Section 5 (1) or:

the performance of the contract in the case of a request for a specific service, Article 6 (1) (b) of the GDPR

The data will be deleted on the 90th day following the closure of the case referred to in the request, unless in the individual case the data controller has a legitimate interest in the further handling of personal data, until the existence of the legitimate interest of the data controller.

The data controller uses the following data processors’ contributions and services:

Name of the company

Registered office,

contact information

Business activity: Scope of forwarded data Purpose of data transfer
Rendszerinformatika Kereskedelmi és Szolgáltató Zrt.

1134 Budapest, Váci stret 19. IV. floor.


hosting service providing, making the website available and running it properly. all personal data provided by the person concerned Data management activity of the hosting service provider
Habilitas Kft. 1136 Budapest, Hegedűs Gyula street 40. website management all personal data provided by the person concerned in connection with the websites, the display of the website and the uploading of its content primarily for the purpose of informatics and the better use of the website

The Use of Google Ad Words Conversion Tracking


The data manager uses the online advertising program called “Google Ad Words” and uses Google’s Conversion Tracking feature within it. Google conversion tracking is Google Inc.’s analytics service (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). If a user accesses the site through a Google ad, a conversion tracking cookie will be placed on your computer. This way the cookie cannot be identified by the user. The information, obtained through conversion tracking cookies, is intended to make conversion statistics for your Ad Words conversion tracking customers. Customers will then be informed about the number of users who have been passed on their ad-click and conversion-tagged page. However, they do not have access to information that could identify any user.


If you do not want to participate in conversion tracking, you can reject this by blocking in your browser the possibility to have cookies installed. Then you will not be included in conversion tracking statistics.


More information and Google Privacy Statement is available at the following site:


The Use of Google Analytics


Our site uses Google Analytics, a web analytics service from Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are saved to your computer to help the analysis of the use of the web page visited by the user. Information generated by cookies associated with a web site used by the User is usually stored and stored on a Google server in the US. By activating IP anonymisation on a web site, Google previously abbreviates the User’s IP address within the Member States of the European Union or in other States party to the Agreement on the European Economic Area. The entire IP address is forwarded to and shrunk on the Google’s server in the US only in exceptional cases. On behalf of the operator of the web page concerned, Google will use this information to evaluate how the User has used the Website and to report to the website operator related to the activity on the website as well as to perform additional services related to the website and internet use. Google Analytics does not associate the IP address transmitted by the User’s browser with other Google data. Storage of cookies can be prevented by the proper setting of the User’s browser, but please note that in this case, not all the functions of this website may be fully functional. You may also prevent Google from collecting and processing cookie information (including IP address) related to User’s site usage by downloading and installing the browser plug-in is available on the link below.


Data transfer to data managers and data processors specified in this prospectus can be done without your special consent. Issuance of personal data to a third party or authorities – unless otherwise provided by law – may only be made on the basis of an official decision or at your prior express consent.

We may share your personal data within the ORIGO business group with people or businesses authorized to receive them the basis of their job or duties in order to fulfil our legal obligations and further develop our services after we have obtained your consent to do so.

Depending on the underlying purposes of the collection, and solely complying with the required degree, members of the group of companies may access your personal data wherever possible in a pseudonymised manner (that does not enable direct identification) and solely where it is needed to provide the requested service.


Members of the group of companies for whom access is granted: according to the Information Policy.

For the purpose of performing its activities the data manager uses the data processors named above in this Prospectus. Data processors do not make a stand-alone decision, they are only entitled to act under the contract with the data manager and the instructions received, and the data manager controls the work of data processors.


After 25 May 2018 data processors record, handle and process the personal data they receive from the data manager to be handled and processed by them in accordance with the provisions of the GDPR and make the relevant statement to the data manager.


Data processors are entitled to use additional data processor only with the data manager’s consent.

Reliable external providers may also process your personal data.

To implement a wide range of our business operations on our behalf, we rely on dependable external parties.


In regards to the personal data our external providers handle in their systems the provisions of the external providers’ own privacy rules prevail. The data manager shall do all within its means to ensure that the external service provider shall manage the personal data received in compliance with law and use such data solely for the purpose specified by the user or for the purposes set out in this Prospectus. After the 25th of May 2018, external service providers record, manage and process personal data they receive from the data manager and, handle and process solely in line with the GDPR provisions and shall make the relevant statement to the data manager.


Our external providers:

Web analytics and advertising support:


The data manager cooperates with providers of web analytics and advertising support in relation to the service sites. These external providers may have access to the user’s IP address may use, in many cases, cookies, sometimes web beacons (IP address, Web tag for web pages, occasionally e-mail or mobile apps), click tag (one using a mark-up metric code identifying clicks on a particular ad) or other click metrics to provide personalization or analysis of services, statistics.


Cookies placed by these external providers can be deleted any time from the user’s device, and by choosing the appropriate settings for the browser (s), the use of cookies can generally be blocked. The cookie placed by external service providers can be identified based on the domain associated with that cookie. Rejection of web beacons, click tags, and other click metrics is not possible. These external service providers handle the personal data transmitted to them according to their own privacy policy.


Providers cooperating with the data manager in the areas of web analytics and advertising support are: Vimeo INC., Facebook Inc., Gemius Hungary Ltd., Google LLC.


External providers providing customized messaging

The data manager cooperates with an external service provider that allows the user to access certain services that they are using as other channels within the same services (such as Facebook, Messenger, Viber, etc.) the particular user uses. The external service provider may use additional cookies, questionnaires, and user registration on the website or interfaces of the external service provider to collect additional information about the User that can either be independently identified or associated with other data to identify the user. These external service providers handle the personal data transmitted to them according to their own privacy policy.


The external provider cooperating with the data manager: MailChimp.


Other external providers:


There are some external service providers with which the data manager is not in a contractual relationship or intentionally does not cooperate with them yet they still may have access to the website / services and thus collect data on users or on site activities that they occasionally – independently or individually – connected with the data collected by this external service provider – can enable the identification of the user. Such external service providers may be, in particular but not limited to: Facebook Ireland LTD., Google LLC, Instagram LLC., Infogram Software Inc., Pinterest Europe Ltd., Twitter International Company, Viber Media LLC, YouTube LLC. These external service providers handle personal data transmitted to them according to their own privacy policy.


We may provide access for our partners to your personal data:

  • In the event that the service for which you approach us is performed in cooperation between the Company and its partner, both the Company and its partner will process your personal information for their own respective purposes in the following way:
  • In compliance with the Corporation’s current Privacy Guidelines;
  • The partner also as a data manager, within its own terms and conditions, as regulated by its own privacy guidelines.
  • We may publish content from social networks on our own interfaces. If you look at content from social networking sites on our websites / apps, cookies from that social network can be stored on your device. For more information, please read the guidelines regarding cookies of these social networking sites.

Data managers shall log their data transfer to ensure that the legality of data transfer can be controlled and to provide the user with information.


We will only keep your personal information as long as we need it for the purpose for which we store your personal information to meet your needs or comply with our legal obligations.

IP addresses recorded automatically will be stored no longer than 7 days after they are placed on record.


In the case of emails sent by the User, the data manager approached will delete the email address on the 90th day upon closing the relevant case mentioned in the request, unless in the particular case the data manager has a legitimate interest in further processing the personal data until such legitimate interest of the data manager prevails.


Data that is automatically recorded during the operation of the system will be stored in the system for a reasonable period of time from the time they are generated to ensure the system’s operation. The data manager ensures that these automatically recorded data cannot be linked with other personal data, except in cases that are legally binding.

In order to comply with certain legal or regulatory obligations and to allow our company to manage our rights (for example, enforcing our court claims) or for statistical or historical purposes, some personal data may be retained. If we no longer need to use your personal information, it will be removed from our systems and records or anonymised to the extent that your identity can no longer be identified.


The data manager shall take care of the security of personal data, implements the technical and organizational measures and establishes the procedural rules, which ensure that the recorded, stored and managed data are protected, and prevents the accidental loss, unlawful destruction, unauthorized access, unauthorized use, unauthorized change, and the unauthorized distribution of data. To fulfil this obligation, the data manager shall notify all third parties to whom personal data are transferred.

We will do our best to protect your personal data and, after receiving your personal data, we strive to prevent unauthorized access with strict procedures and security measures. As the transfer of information through the Internet is not completely secure, we cannot guarantee the security of your data transmitted through our website. As such, the transfer is your own responsibility.


The data protection incident is reported by the data manager to the data protection authority without undue delay and, if possible, at the latest 72 hours after the data protection incident becomes known according to Article 55, unless the data protection incident is unlikely to pose a risk to the rights and freedoms of natural persons. If the notification does not happen within 72 hours, the reasons for proving the delay must also be attached.


If the data protection incident is likely to pose a high risk to the rights and freedom of the natural persons, the data manager shall without undue delay inform the person concerned about the data protection incident. The affected person does not need to be informed, if any of the following conditions is met:

  • the data manager has implemented appropriate technical and organizational protection measures and applied those measures to the data covered by the data protection incident, in particular measures – such as the use of encryption – that make the data access incomprehensible for persons who are unauthorized to access personal data;
  • after the data protection incident, the data manager has taken further measures to ensure that high risk for the rights and freedoms of the data subject is no longer likely to be realized;
  • the notification would require disproportionate effort. In such cases, the data subjects shall be informed by means of publicly disclosed information or a similar measure shall be taken that ensures the equally effective notification of the data subjects.


If the data manager has not yet notified the data subjects about the data protection incident, the supervisory authority, after considering whether the data protection incident is likely to pose a high risk, may inform the data subject.


Our websites and apps may include links to or from websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these have their own privacy policies and that we are not responsible for these policies. Please review these policies before sharing any personal data with these websites.


Please note that any content published on any of our social media platforms is visible to the public, so please be cautious about publishing certain personal data, such as financial information or address information. We will not be responsible for any other acts of any other persons if you are publishing your personal data on a social media platform and at the same time recommend that you do not share such information.


We respect your right to privacy, it’s important that you can control your own personal data.

You have the following rights:

Rights Relevant content
The right to information You have the right to obtain clear, transparent and easily understandable information about how your personal data is used and about the rights that are described in this Announcement.
The right to access

You have the right to receive feedback from the data manager about whether the management of your personal data is in progress and, if such data management is in progress, you have the right to have access to your personal data and to the information listed in the Regulation.


We do not respond to obviously unfounded, excessive or repeated requests.

The right to correction You are entitled to request the data manager to correct any inaccurate personal data regarding you, without undue delay. Taking into account the purpose of data management, you are entitled to request the supplementation of incomplete personal data – including by means of a supplementary statement.
The right to delete/efface

In certain cases, you are entitled to delete your personal data. This is not an absolute right, as there are cases (such as fulfilling a legal obligation) when we are entitled to retain personal data.

By your right to deletion, you are entitled to request the data manager to delete any disclosed personal data regarding you without undue delay, and the data manager is obliged to delete your personal data without undue delay under certain conditions.

According to the right to efface, if the data manager has disclosed personal data and it is obliged to delete it, then, taking into account the costs of available technology and implementation, the data manager shall take the reasonably expectable measures – including technical measures -, in order to inform the data managers that manage the data, that you have requested the deletion of such personal data and duplicates or duplicate copies of such personal data.

The right to withdraw the contribution to consent-based processing at any time

If Your data is processed based on a consent, You may revoke your consent for processing them. The withdrawal of the consent shall not affect the lawfulness of the processing of data processed prior to the withdrawal.

If your personal data is handled for direct business acquisition, you are entitled to protest at any time against the handling of any personal data relating to You, including profiling, if it is related to direct business acquisition. If You object to personal data being handled for direct business purposes, Your personal information can no longer be handled for that purpose.

The right to object to processing data based on legitimate interests If Your data is processed based on a legitimate interest, You may withdraw your consent at any time to process them. Above You can find out whether processing is based on a legitimate interest or not.
The right to submit a complaint to the supervisory authority

You have the right to contact the data protection authority and You may also apply to the court in order to complain about the privacy practices of the Company.


Please contact us at the following contact details before submitting Your complaint to the relevant data protection authority.

Law related to data transfer You are entitled to receive the personal information concerning You in an articulated, widely used machine-readable format, and have the right to transmit this data to another data controller without being obstructed by the data controller that provided the personal data to You.
The right of restriction

You are entitled to request that Your data controller should restrict Your data management if one of the following conditions is met:

– You dispute the accuracy of your personal data; in this case, the restriction applies to the period that allows the data controller to check the accuracy of personal data;

– Data handling is illegal and You are opposed to the deletion of data and instead You ask to restrict their use;

– the data controller no longer needs personal data for data management, but You require them to submit, enforce, or protect legal claims;

– – You have protested against data management; in this case, the restriction applies to the period in which it is established whether the legitimate reasons of the data controller have priority over Your legitimate reasons.

The right to disable cookies

You are entitled to disable cookies. By default, Internet browsers are set to accept cookies, but You can modify this by modifying Your browser settings.

Many cookies are used to improve the usability or functionality of websites / applications; blocking cookies may therefore prevent access to certain parts of websites / applications.

To restrict all cookies that You have set (which may prevent using some parts of the site), You can do so in your browser settings. For information about how to do this, see the Help function in the browser. For more information, please see the link below:;

The right to protest You are entitled, at any time, to object to the processing of your personal data for the purpose of implementing the legitimate interests of the data controller or the legitimate interests of a third party, or necessary for carrying out a task within the frame of a public authority’s power conferred on the data controller, unless these interests prevail the interests or fundamental rights and freedoms of the data subject which require the protection of personal data (including profiling based on those provisions). In this case, we will not be able to process personal data unless we can prove that data management is justified by legitimate enforceable reasons that have priority over the interests, rights and freedoms of people concerned, or which relate to the submission, enforcement or protection of legal claims. If your personal data is handled for direct business, the person concerned is entitled to object at any time to the handling of personal data relating to that purpose, including profiling, if it is related to direct business acquisition. If a person objects to the personal data being handled for direct business purposes, personal data may no longer be handled for that purpose.

You can submit Your application on any of our contact below, under „Contact”.

The data controller shall inform You, without undue delay, but no later than one month after the receipt of the request, of the measures taken in response to such requests. The deadline, exceptionally, may be extended by two months, and the data controller shall inform You about it within one month of the receipt of the application indicating the reasons for the delay.

If the data controller fails to take measures upon Your request, he or she will notify You without delay but at the latest within one month of the receipt of the request about the reasons of the failure to take the proposed measures and whether You may submit a complaint for a supervisory authority and have the right of judicial redress.

Contact and information on remedies

If You have any questions or concerns about handling Your personal information or You wish to have one of these rights, please contact us at the following contact details:

Name of the data controller: ORIGO Film Group Film Producer Private Limited liability Company Registered office of the data controller: 1151 Budapest, Felsőkert street. 9


Contact details of the data controller, its regularly used e-mail address for keeping in touch with users:

Telephone number of the data controller: +36 (1) 327-05-90


Data Protection Officer: Mihály Tóth

Contact details:

Address: Habilitas Kft., 1136 Budapest, Hegedűs Gyula street. 40

Phone number: +36 30 489 1212

Electronic mailing address:


You can submit a complaint against a possible infringement of the data controller with the Hungarian National Authority for Data Protection and Freedom of Information:


Nemzeti Adatvédelmi és Információszabadság Hatóság
(Hungarian National Authority for Data Protection and Freedom of Information)

1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Mailing address: 1530 Budapest, Mailbox: 5.

Phone number: +36 -1-391-1400

Fax: +36-1-391-1410

E-mail address:

Judicial channel: The legal actions related to data protection fall within the jurisdiction of the court. The case may be initiated – according to his choice – before the court where the person concerned is resident or has a place of residence.

Final provisions

The Data Controller reserves the right to modify this Guide at any time by its unilateral decision. At a subsequent visit, the user accepts the applicable provisions of this Prospectus being in force at any time.



Budapest, 25. May 2018