PRIZE DRAW

Game and Data Handling Rules

11.02.2024.

1. Organizer of the game and a brief description of the game

    1. The organizer of the prize draws (hereinafter "Game, Campaign") is Origami Bikini Kft., registered office: 89 Szabadkai Street, Szeged, 6729, tax number: 14542343-2-06, company registration number: 06-09-013264, hereinafter referred to as the "Organizer/data controller."

    2. Participants can contact the Organizer at the following:

      1. Phone: +3620/299-3103

      2. Email: webshop@origamibikini.hu

    3. The prizes are provided by the Organizer.

    4. This game regulation can be viewed in writing at the registered office of Origami Bikini Ltd. at a pre-arranged time.

    5. This regulation is available on the following website: https://www.origamiwebshop.hu

    6. The game is not a regular game; it takes place only in predetermined, specified periods.

    7. During the campaign, the Organizer may advertise this Game in advertisements. This Game Regulation is considered comprehensive information regarding the Game. The Organizer excludes any liability for interpretations different from this Game Regulation placed elsewhere.

  1. Participation conditions

    1. Every natural person who has reached the age of 18 can participate in the Game. Participation is free. The person participating in the game is hereinafter referred to as the "Player."

    2. The description of the game: The exact description of the Prize Draw is included in the call for the Prize Draw, which is determined by the Game Organizer or its representatives on the social media pages described above.

    3. By participating in the game, the player is considered to have accepted the regulations and agrees to the processing of personal data as formulated in it. It is acknowledged that the regulations are considered a contract, so data processing is necessary to fulfill the contract.

    4. Game duration: The duration of the specific prize draw is determined when the prize draw is announced.

    5. Activities before and after the start and end of the Games do not participate in the game.

    6. The Organizer has the right to verify the authenticity of the data provided by the winning players.

    7. Providing false information leads to the exclusion of the player.

    8. If the player is unreachable for 3 days or provides false information, the player loses the right to the prize.

  1. Prizes and drawings

    1. The prize, especially its type and quantity, is precisely determined in the call for the Prize Draw.

    2. Eligible for the prize is the player who participated in the game and becomes the winner in the drawing. The offered prize cannot be converted into cash.

    3. The Organizer undertakes to bear any taxes payable on the prize in accordance with applicable laws. The prizes are non-transferable.

    4. The Organizer undertakes to fulfill its reporting, data provision, and payment obligations related to taxes imposed on the prizes in accordance with applicable laws. In case of incomplete or untimely data provision, the Organizer is not able to hand over the prize.

    5. The Organizer reserves the right to offer additional prizes during the Game and make them available to the Players.

    6. The Game Organizer randomly selects winners from the players who participated in the prize draw in accordance with the regulations.

    7. The Game Organizer draws as many winners as specified in the call for the Prize Draw.

    8. The winners are notified publicly on the social media platform of the specific prize draw through its messaging system. Subsequently, the winner contacts the Game Organizer, provides the necessary data for delivering the prize in private messages.

    9. If, after the drawing, it is revealed that the provided email address does not exist, or the player does not contact the Organizer within 3 days, a substitute winner steps in according to point 5.

  1. Exclusion

    1. Players who do not accept this Game Regulation or violate any of its points cannot participate in the Game and prize draws. If a violation of the rules is discovered after the prize is drawn, the irregular player loses the right to receive the prize and must return it or pay its monetary equivalent to the Organizer and cooperate with the Organizer in all other respects.

    2. Employees and close relatives of the Organizers, their representatives, agencies, employees, and close relatives of companies directly involved in the organization, owners, executives, employees, representatives, and close relatives of other companies directly involved in the implementation, cannot receive prizes if they participate.

    3. In case of participation, they cannot receive their prizes; these will be redrawn.

  1. Alternate Winners, Drawing of Unclaimed or Unreceived Prizes

    1. All players who fully comply with the participation rules of the game participate in the drawing.

    2. Alternate winners are only notified by the organizers if they become eligible for any prize.

    3. The organizers draw alternate winners for all unclaimed prizes. Notification of the alternate winner(s) is done publicly on the respective community platform of the prize game, through its messaging system.

    4. If the winner of a prize does not accept the prize, the organizers consider it as a waiver of the prize, and the alternate winner is entitled to it.

    5. The organizers completely exclude their liability in cases where the alternate winner, aware that they did not win earlier, did not comply with these Game Rules before learning about the result of the alternate drawing and, therefore, cannot claim a prize obtained later.

  1. Taxation, Reporting Obligations

    1. The tax payable on the prizes is covered by the organizers. The winner must provide the organizers with all necessary information that may be required to fulfill tax obligations related to the prize and must cooperate in all other respects with the organizers.

    2. Players do not have tax payment obligations on the prizes won.

    3. This prize game, according to the Act XXXIV of 1991 on the organization of games of chance, is not subject to reporting as a gift draw and does not qualify as a game of chance.

  1. Prize Delivery

    1. Drawing Date: Takes place at the announced time in the game or shortly thereafter.

    2. Prize delivery occurs after the drawing event through courier service.

  1. Exclusion of Liability

    1. The Organizer is not responsible for data inaccuracies (misspelling, email address error, false information, etc.) and the Player's omissions that burden them with notification and/or delivery delays.

    2. Players bear all consequences arising from incorrectly provided data or the inability of their mailbox to receive messages. The accuracy of the data cannot be verified by the Organizer during (or after) registration for the game. In this regard, responsibility and all legal and financial consequences always lie with the players.

    3. The Organizer excludes responsibility for defects in the prizes unless explicit provisions of Hungarian law prohibit the exclusion of liability. The Organizer disclaims all responsibility for any participation-related claims, costs, damages, or losses arising from errors, deficiencies, or faulty operation of the game or delays occurring during the game.

    4. The Organizer is not responsible if the game or the website containing the game is temporarily unavailable for technical reasons during the game's duration.

  1. Data Handling

Prize Game

    1. The data of users participating in the game is used by Origami-Bikini Kft. strictly for the purpose, exclusively for its services, and for communication related to the Player's participation in this prize game.

    2. By accepting these Game Rules, the Player consents to having their personal data provided during the data matching process, in the event of winning, disclosed in the list of winners by Origami-Bikini Kft., and to being recorded during the drawing.

    3. Origami-Bikini Kft. declares that it has complied with the legal regulations regarding data management before organizing the game.

    4. Origami-Bikini Kft. handles the data of Players in accordance with its Privacy Policy.

    5. The fact of data management, the scope of processed data: Instagram/Facebook profile, last name, first name, email address, address, phone number, image, and voice of the person concerned in case of drawing or prize presentation.

    6. Scope of individuals affected: All participants in the game.

    7. Purpose of data management: Fulfilling the function of the prize game, conducting the drawing, and delivering the prize.

    8. Duration of data management, deadline for data deletion: The data controller manages the data until the drawing or the prize presentation.

    9. Identity of possible data controllers authorized to access the data: The personal data may be processed by the marketing and sales staff of the data controller, respecting the above principles.

    10. Explanation of the rights of individuals regarding data management: The individual can request the deletion of their personal data at any time using the following contact information:

    11. Legal basis for data management: Article 6(b) of the GDPR.

Data Transfer (Recipient) for the Mailing of Prizes

    1. The fact of data management, the scope of processed data for the purpose of mailing prizes: Last name, first name, address, email address, phone number.

    2. Scope of individuals affected: All individuals requesting the delivery of prizes.

    3. Purpose of data management: Delivery of prizes.

    4. Duration of data management, deadline for data deletion: Until the completion of the delivery.

    5. Identity of possible data controllers authorized to access the data: The personal data may be processed by the following, respecting the above principles:

    1. Explanation of the rights of individuals regarding data management: The individual can request the prompt deletion of their personal data from the delivery service provider.

    2. Legal basis for data transfer: Article 6(b) of the GDPR.

Customer Relations and Other Data Management

    1. If questions arise during the game or if the individual has any issues, they can contact the data controller through the Organizer's contact information (phone, email, social media, etc.).

    2. The data controller deletes received emails, messages, phone calls, etc., along with the enquirer's name, email address, and any other voluntarily provided personal data, within a maximum of 5 years from the date of disclosure.

    3. Information about data management not listed in this statement will be provided at the time of data collection.

Rights of Data Subjects

  1. Right of Access

You have the right to receive feedback from the data controller regarding whether the processing of your personal data is underway, and if such processing is underway, you are entitled to access personal data and information listed in the regulation.

  1. Right to Rectification

You have the right to request the data controller to promptly correct inaccurate personal data concerning you. Taking into account the purpose of the data processing, you are entitled to request the completion of incomplete personal data through, among other things, a supplementary statement.

  1. Right to Erasure

You have the right to request the data controller to erase your personal data without undue delay, and the data controller is obliged to erase your personal data without undue delay under certain conditions.

  1. Right to Be Forgotten

If the data controller has made your personal data public and is obliged to delete it, it takes reasonable steps, including technical measures, with consideration of the available technology and implementation costs, to inform other data controllers processing the data that you have requested the deletion of links to, or copies or duplicates of, the specific personal data.

  1. Right to Restriction of Processing

You have the right to request the data controller to restrict processing if one of the following conditions is met:

  • You dispute the accuracy of personal data, in which case the restriction applies for the period allowing the data controller to verify the accuracy of the personal data.

  • The processing is unlawful, and you oppose the deletion of data, requesting the restriction of their use instead.

  • The data controller no longer needs the personal data for processing purposes, but you require them for the establishment, exercise, or defense of legal claims.

  • You have objected to the processing; in this case, the restriction applies until it is determined whether the legitimate grounds of the data controller override yours.

  1. Right to Data Portability

You have the right to receive your personal data provided to a data controller in a structured, commonly used, machine-readable format, and you have the right to transmit this data to another data controller without hindrance from the data controller that provided the personal data (...)

  1. Right to Object

You have the right to object to the processing of your personal data (...) for reasons related to your particular situation, including profiling based on the mentioned provisions.

  1. Objection in Direct Marketing Cases

If the processing of personal data is carried out for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, including profiling, if it relates to direct marketing. If you object to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for such purposes.

  1. Automated Decision-Making in Individual Cases, Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which would have legal effects on you or significantly affect you in a similar way. The preceding paragraph does not apply if the decision:

  • Is necessary for the conclusion or performance of a contract between you and the data controller.

  • Is authorized by applicable EU or member state law that provides for suitable measures to safeguard your rights, freedoms, and legitimate interests; or

  • Is based on your explicit consent.

Deadline for Measures

The data controller will inform you without undue delay, but in any case within 1 month of receiving the request, about the measures taken as a result of the above requests. If necessary, this period can be extended by 2 months. The data controller will inform you of the extension of the deadline, specifying the reasons for the delay, within 1 month of receiving the request.

If the data controller does not take measures based on your request, you will be informed without undue delay, but no later than 1 month from the receipt of the request, about the reasons for the lack of action and that you can file a complaint with a supervisory authority and exercise your right to judicial remedy.

Security of Data Processing

The data controller and the data processor shall implement appropriate technical and organizational measures, taking into account the state of the art, implementation costs, the nature, scope, context, and purposes of data processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons. This is done to ensure a level of data security appropriate to the risk, including, among other things:

a) Pseudonymization and encryption of personal data;

b) Ensuring the ongoing confidentiality, integrity, availability, and resilience of systems and services used for personal data processing;

c) The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;

d) A procedure for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures to ensure the security of data processing.

Notification of Data Subjects Regarding Data Breach

If a data breach is likely to result in a high risk to the rights and freedoms of natural persons, the data controller shall inform the data subject of the data breach without undue delay.

The information provided to the data subject must clearly and understandably describe the nature of the data breach, provide the name and contact details of the data protection officer or another contact person who can provide further information, outline the likely consequences of the data breach, and describe the measures taken or planned by the data controller to address the data breach, including, where appropriate, measures to mitigate any adverse effects of the data breach.

The data subject does not need to be informed if any of the following conditions are met:

  • The data controller has implemented appropriate technical and organizational protection measures, and those measures have been applied to the data affected by the data breach, particularly measures such as encryption that make the data unintelligible to unauthorized persons;

  • The data controller has taken subsequent measures following the data breach to ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialize;

  • Notification would require disproportionate effort. In such cases, data subjects must be informed through publicly available information or through similar measures ensuring effective information.

If the data controller has not notified the data subject of the data breach, the supervisory authority may, after considering whether the data breach is likely to result in a high risk, order the data subject to be informed.

Reporting a Data Breach to the Authority

The data controller shall report the data breach to the competent supervisory authority without undue delay, and where feasible, no later than 72 hours after becoming aware of the data breach, unless the data breach is unlikely to result in a risk to the rights and freedoms of natural persons. If the notification is not made within 72 hours, it must be accompanied by reasons for the delay.

Complaint Option

In case of a possible violation by the data controller, a complaint can be filed with the National Authority for Data Protection and Freedom of Information:

National Authority for Data Protection and Freedom of Information 1055 Budapest, Falk Miksa utca 9-11. Mailing address: 1363 Budapest, Pf. 9. Phone: +36 -1-391-1400 Fax: +36-1-391-1410 Email: ugyfelszolgalat@naih.hu

Miscellaneous Provisions

10.1. The Organizer reserves the right to supplement or modify these terms or the Game itself in a way that is only favorable to the Players or to comply with current legal regulations.

10.2. General Terms and Conditions of the Organizer, or the applicable Hungarian laws, apply to all matters not regulated in these Game Rules.

10.3. This contest is in no way supported, endorsed, or administered by or associated with Instagram/Facebook.