hu | en

Data Protection Information

for visitors to the website


FirstFarms Hungary Ltd. is conducting agricultural (and, within that, animal breeding) activities, in connection with which it handles data associated with the provision of services.

During the operation of the website, FirstFarms Hungary Ltd. (hereinafter: Service Provider) handles the personal data of persons sending inquiries to, soliciting bids or offers at, or submitting résumés (CVs) to the website (hereinafter collectively referred to as Data Subjects).

1. Contact details of Controller (Data Handler)

Name: FirstFarms Hungary Ltd.
Registered office and mailing address: H-5932 Gádoros, Tanya hrsz:073/8. 1
Name and telephone number of representative: Tamás Sarusi-Kis, +36 (68) 490 061
Email address:

2. Scope of the data handled

In order to have access to different services, users of the website are requested to provide different personal data, taking into consideration the principle of data minimization. The scope of the present Data Protection Information extends exclusively to the handling of natural persons visiting the website, having regard to the fact that personal data can only be interpreted in relation to natural persons.
Anonymous information collected by Controller by the exclusion of personal identifiability, which cannot be brought into connection with natural persons, does not qualify as personal data. Demographic data collected by Controller without connecting them to the personal data of identifiable persons, which thus cannot be brought into association with natural persons, also do not qualify as personal data.

The scope of data handled, listed item by item, is as follows:

2.1 Persons soliciting bids or offers/asking for price quotations
- Name
- Email address
- Telephone number

2.2 Persons applying to jobs or situations offered
- Name
- Email address
- Telephone number
- Attachment of a résumé (CV)

2.3 Children

Our products and services are not intended for persons under 16 years of age; therefore, persons under 16 years of age are requested not to provide personal data to Controller. If it comes to our knowledge that we have collected personal data from children under 16 years of age, we will take the steps necessary for the deletion of these data as soon as possible.

3. Cookie (anonymous user identification) handling information

The Controller places anonymous user identifications (cookies) on the Data Subject’s computer which, in itself, is not able to identify the Data Subject in any manner. Cookies are only suitable for recognizing the Data Subject’s computer; however, they do not store IP addresses and do not forward IP addresses as personal data to the Service Provider. The cookies applied are simple, short text files of small size. They do not make it necessary to provide personal data or information as, when using this solution, the User does not provide personal data to the Service Provider and the data exchange occurs only and exclusively between the computers.

Own cookies necessary for the operation of the website
For the operation of the website it is indispensable to place a few cookies on the Data Subject’s computer, as this makes the opening of the website faster and this enables the Data Subject’s browser to store certain pieces of information from the website and this helps the Data Subject in using the website with all its modules working properly.

cb-enabled (30 days)
Function: This prevents rebooting after acceptance of the cookie bar. If the Data Subject chooses the ‘ACCEPT’ option, we save this choice and we will not request further approval for 30 days.

KRID (1–7 days)
Function: It has importance for registration and for the cart functions. It is necessary for the products to remain in the cart after the user leaves the cart and browses the website further, or for ensuring that the system does not log out the user while they browse the website after having entered a registered interface.

Analytical cookies
In order to obtain data on the number of visits to our website and other web analytical data, the Service provider makes use of the services of independent analytical servers, specifically the Google Analytics software. The Data Subject can obtain information about the handling of the measured data from these service providers.

In the case of Google Analytics, the Service Provider has set the code of the website in such a way that Google Analytics anonymizes the Data Subject’s IP address which is thus non-identifiable anymore and is not made available to the Service Provider. You can read more about this technology by clicking on the following link:

Our aim with the information anonymized by the above software is to analyse the number of visits to, and the functional use of, our website in order to improve user experience (e.g. the provision of optimized navigation or the sequence of placing information on a subpage).

These measurements do not store such data (neither IP addresses nor personal data) about the users which would make it possible to identify the user.

The data protection guidelines of Google Inc. are accessible on the following webpage:

About the cookies used the service providers concerned can give more detailed information:

Answers to questions related to the identification and features of Google Analytics cookies can be found here:

Cookies used for advertisements
The Service Provider may make use of 21st century online marketing techniques, specifically the Google AdWords and Facebook advertisements. These advertising techniques use cookies during their operation. These cookies help the system present such advertisements to the Data Subjects which fall within their actual scope of interest, rather than advertisements which are irrelevant to them. On the Portal the Service Provider uses the remarketing codes provided by Google AdWords and Facebook. The remarketing codes also use cookies.
The installed cookie does not forward personal data to the Service Provider; rather, it only helps ensuring the appearance of advertisements related to the Service Provider’s products and services on other websites belonging to the Google Display network that the Portal’s visitor subsequently visits, as well as on Facebook.

Manual revision of automatic preferences related to advertisements, intervention and setting possibilities
The user can ban the cookies and customize the advertisements at any time on the advertisement settings interface of Google and Facebook.

The Data Subject can set and adjust the data protection (privacy) settings of their Google user account here:

The data protection (privacy) settings of the Facebook user account can be reached in the Settings menu, under the settings tab related to data protection and advertisements.

Disabling cookies and banning their use

Changing browser settings:
The ‘Help’ function that can be found on the menu bar of most browsers provides information on

  • how cookies can be disabled in the browser,
  • how users can enable new cookies, or
  • how users can instruct their browser to enable a new cookie, or
  • how other cookies can be disabled.

Cookie blocking extensions to browser:
If the Data Subjects do not want to allow Google Analytics to measure the above data in the manner and with the objective described above, they should install in their browser a cookie blocking extension.

Using an external solution for cookie management:
With the help of external websites the Data Subjects can select the type of Service Providers, for whom they allow cookie activities of advertising purpose on their computer. One possible solution is AdChoices, which is available also in Hungarian language.
4. Social media extensions

In default, the extensions are disabled on the Portal. These extensions are also cookies. The extensions will be enabled only if the Data Subject clicks on the button serving for this purpose (e.g. likes an article, pins a picture, or starts to follow the Service Provider’s Facebook page using the ‘Like’ button on the page). By enabling the extension, i.e. by clicking on the ‘Like’ button the Data Subject establishes contact with the social media page, i.e. clearly expresses their consent to forwarding their data to Facebook/Twitter/Linked-in/Pinterest/Instagram.
If the Data Subject is logged in Facebook/Twitter/Linked-in/Pinterest/Instagram, it may happen that the given social media network associates their visit with the Data Subject’s social media account.

If the Data Subject clicks on one of the above-mentioned social media buttons, their browser will forward the relevant information directly to the given social media network, and store these data there.

The information about the scope and objectives of data collection, on the further processing and use of the Data Subject’s data by Facebook/Twitter/Linked-in/Pinterest/Instagram, as well as on the Data Subject’s rights and settings regarding the protection of Data Subject’s personal data can be found in the data protection declaration of the given social media.
Users making use of the services of the website note that, by using the website, they have consented to the processing of their data by Google.

5. Technical data – log files

In the interest of making use of the services, the system automatically logs the following data:
- the dynamic IP address of user’s computer
- depending on the settings of user’s computer, the type of user’s browser and operating system
- user’s activity related to the website
The use of these data partially serves for technical purposes (analysis and subsequent control of the safe use of servers). This is an automatic IT process, during which the data are recorded in server logs without the Data Subject’s declaration of consent.
The above data are not suitable for identifying the user and the Controller does not connect them with other personal data. The system stores these log files for 6 months as from the date of the visit.

6. Legal basis and objective of data handling

6.1 In the case of persons soliciting bids/price quotations and inquirers
the data handling is necessary for the steps preceding the conclusion of a contract, and the objective of data handling is to provide customized services to the Data Subjects as well as to send to the Data Subjects a price quotation which may serve as a basis of a potential future contract or order.

6.2 In the case of persons applying for jobs or positions offered
the data handling is done with the Data Subjects’ consent, and its objective is the filling of vacant positions available at the Service Provider (the selection of labour) and the provision of information about the open career possibilities. On the website, under the menu item ‘Career/Position’ the Data Subject can upload their résumé (CV), by which the Data Subject authorizes the Service Provider to handle the personal data presented in the CV.

7. Duration of data handling

7.1 Persons soliciting bids/price quotations and inquirers
If a contract has been concluded, the data of such persons are handled during the validity of the contract and, according to the Accounting Act, for 8 years following the year of performance. If no contract has been entered into, i.e. the objective has not been attained, then the data are handled by the Service Provider up to 1 March in the year after the expiration of the offer.

7.2 Persons applying for jobs/positions offered
The data of such persons are handled until the Data Subject withdraws their consent or until the expiry of the 3-month term of probation after the vacant position concerned was filled.

8. Persons authorized to have access to the data, data transfer, data processing

The internal employees of Service Provider are authorized to have access to the personal data collected from the Data Subjects but they are not entitled to publish these data. Such data may be forwarded to third parties for data handling exclusively at the Data Subjects’ request, to the addressee specified by the Data Subject.

The Service Provider may employ a data processor for the performance of tasks arising in connection with its activities (bookkeeping, issue of electronic invoices, distribution of newsletters).

The categories of data processors and the addressees of data transfer:

Name: Dolphin Ltd.
Registered office: H-1132 Budapest, Alig utca 14
Category: electronic invoicing software

Name: DBI Szoftver Ltd.
Registered office: H-4034 Debrecen, Vágóhíd utca 2
Category: shared web hosting service operator

9. The rights of Data Subjects, available legal remedies

9.1 The Data Subjects may ask the Controller (Data Handler)
a) to inform them about the handling of their personal data,
b) to correct their personal data, and
c) to delete or block their personal data (with the exception of the compulsory data handling),
d) to forward their personal data to another data handler.

9.2 At the Data Subject’s request, the Controller must give, within 30 days as of the submission of the relevant request at the latest, written information about the Data Subject’s data handled by Controller or by a data processor commissioned by, or according to the instructions given by, Controller, about the source of these data, about the objective, legal basis and duration of the data processing, about the name, address and data handling related activities of the data processor and, provided that the Data Subject’s personal data are forwarded, about the legal basis and addressee of the data transfer.

The provision of this information is free of charge if the party requesting the information has not submitted to Controller a request for information relating to the same field in the current year. In all other cases the Controller sets a charge for this information supply, with the proviso that the charge already paid must be repaid if the Data Subject’s data were unlawfully handled or if the request for information led to data correction.

In order to verify the lawfulness of data transfer and to inform the Data Subject, the Controller shall keep data transfer records which contain the date of transferring the personal data handled by Controller, the legal basis and addressee of the data transfer, specification of the scope of personal data transferred, and other data specified in the rule of law prescribing the data handling.

In order to check the measures taken in relation to the data protection incident and to inform the Data Subject, the Service provider shall keep data protection incident records, which contain the scope of Data Subject’s personal data, the scope and number of Data Subjects affected by the data protection incident, the date, circumstances and impact of the data protection incident and the measures taken to prevent it, as well as other data specified in the rule of law prescribing the data handling.

9.3 The Data Subject is entitled to request the correction of their erroneously recorded data or the deletion thereof. Such requests must be submitted in writing, in the form of a letter sent by post or in an electronic letter (email). The Service Provider will delete the data within three workdays as from the receipt of the application; in this case it will not be possible to restore the data. Deletion does not apply to the data handling prescribed by a rule of law (e.g. accounting regulations); these data will be kept by Service Provider for the necessary period of time.

9.4 Furthermore, the Data Subjects may request the blocking of their data and the transfer of their data to another data handler. The Service Provider will block the personal data if this is requested by the Data Subject, or if the information at its disposal suggests that the deletion of these data would hurt the Data Subject’s lawful interests. The personal data thus blocked may be handled only until the data handling objective excluding the deletion of the given personal data persists.

The Data Subject as well as those to whom the data have been transferred for data handling purposes must be notified of the correction, blocking and deletion of the data. This notification may be omitted if this does not hurt the Data Subject’s lawful interests with regard to the objective of data handling.
If the Service Provider fails to comply with the Data Subject’s request for correction, blocking or deletion of the data, the Service Provider shall specify the factual and legal reasons for rejecting the request for correction, blocking and deletion in writing within 30 days as from the receipt of the said request.

The Data Subject may send to Controller the following requests or provisions using one of the contact addresses specified in point 9.5:

  • The Data Subject may request the transfer of their data to another data handler if the handling of data is based on a contract or consent and if the Service Provider handles these data in the framework of an automated procedure.
  • The Data Subject may withdraw their consent previously given to the data handling.

The Data Subject may lodge a protest against the handling of their personal data. The Service Provider shall examine the protest within the shortest possible time as of the submission of the application but at most within 15 days, makes a decision on the merits of the protest and notifies the applicant of its decision in writing. If the request for correction, blocking or deletion is rejected, the Controller shall inform the Data Subject about the possibility of a judicial remedy before a court or the right to complain to a supervisory authority.

Information about data security measures:
The Controller shall make sure that a default and integrated data protection system is in place. The Controller shall take adequate technical and organizational measures to ensure that

  • access to the data is accurately regulated;
  • access is authorized only for persons who need the data concerned for performing a certain task, and even in that case only those data should be accessible which are minimally necessary for performing the given task;
  • the Controller shall exercise circumspection when selecting the data processors entrusted by it, and shall enter into an adequate data processor’s contract with them in order to guarantee the security of data;
  • the Controller shall ensure the integrity (unchanged character), authenticity and protection of the data.

The Controller takes reasonable physical, technical and organizational security measures in order to protect the Data Subject’s data, especially against their accidental, unauthorized and unlawful destruction, loss, alteration, transfer, use, access or processing. In case of a known unauthorized access to, or use of, the personal data that poses a high risk to the Data Subject, the Controller shall notify the Data Subject without delay.

If there is a need to transfer Data Subject’s data, the Controller shall ensure the adequate protection of the transferred data, e.g. by encryption of the data set. The Controller shall bear full responsibility for the handling of Data Subject’s data by third parties.

By performing regular file backup saves, the Controller makes sure that the Data Subject’s data are protected against destruction or accidental loss.

9.5 The Data Subject may exercise their rights using the following contact addresses:
Mailing address: FirstFarms Hungary Ltd., H-5932 Gádoros, Tanya hrsz:073/8.
Email address:
The Data Subject may contact the Service Provider’s responsible employee with any question or comment regarding the data handling, using the contact addresses specified in point 9.5.
9.6 Based upon the GDPR, the Information Act and the Civil Code (Act V of 2013), the Data Subjects can turn to the

  • National Authority for Data Protection and Freedom of Information (H-1125 Budapest, Szilágyi Erzsébet fasor 22/c; or
  • enforce their rights before a Court.

9.7 If during registration for making use of a service or subscribing to the newsletter the Data Subject provided the data of a third party, instead of their own, or caused damage in any way during the use of the website, the Service Provider is entitled to claim and enforce damages from the Data Subject. In such cases, the Service Provider will do its best to help the authorities proceeding in the matter to determine the offender’s identity.