Privacy Notice

Kezdőlap » Privacy Notice

Privacy Notice

The purpose of this Notice is to provide transparent, clear and understandable information about the processing of personal data carried out through the interfaces of the O.F.SZ. Országos Fizetési Szolgáltató Zrt. eID application (the “Application”), before any processing takes place, thereby ensuring data subjects’ right to be informed.

The Data Controller processes personal data in its possession in accordance with the GDPR, the Hungarian Information Act (Infotv.), and this Notice. For matters not covered by this Notice regarding data processing, the provisions of the GDPR and the Infotv. shall apply. This Privacy Notice is effective from 22 December 2025.

1. Details of the Data Controller, its representative and the Data Protection Officer

Data Controller details:

Name: O.F.SZ. Országos Fizetési Szolgáltató Zrt.

Registered seat: 1026 Budapest, Pasaréti út 83. 1. em.

Company registration number: 01-10-047548

Representative: dr. Feith Zoltán vezérigazgató

Postal address: 1026 Budapest, Pasaréti út 83. 1. em.

Email: info@ofsz.hu

Phone: +36 1 999 2222

Website: https://ofsz.hu/

hereinafter: “Data Controller / O.F.SZ. Zrt.”

Data Protection Officer of the Data Controller

Name: Dr. Szabó István Tamás Ügyvédi Iroda

Registered seat: 1132 Budapest, Váci út 18. IV. emelet

Represented by: Dr. Szabó István Tamás, irodavezető ügyvéd

Email: szabo@istvantamas.hu

Phone: +36306313653

hereinafter: “Data Protection Officer”.

2. Purpose of processing and categories of personal data

The O.F.SZ. eID Application serves exclusively for authentication of card transactions (approval or

rejection of an authentication request). For this purpose, the Data Controller processes the personal

data of the data subject via the Application.

Legal basis:	Legitimate interest pursuant to GDPR Article 6(1)(f). The legitimate interest is to ensure transaction authentication and reliable operation of the Application.
Purpose of processing:	Operating transaction authentication and ensuring reliable operation (providing the authentication function; delivering push notifications and performance issues and improving stability and reliability).
Categories of data processed:	User identifier (token serial number used to link the Application to the user’s authentication profile); device identifier(s); crash logs; performance and diagnostic data (performance and stability indicators).
Source of data:	The data subject.
Retention period:	Data is stored for as long as necessary for authentication, security, reliability and compliance purposes. The token serial number (user identifier) is archived and retained for security and audit purposes even if the user removes the Application.
Method of processing:	Electronic storage and transmission. Data transfer takes place via an encrypted channel (e.g., TLS/HTTPS) and reasonable technical and organisational measures are applied (including access control).
Data transfer / recipient:	ASEE SOLUTIONS d.o.o. (registered seat: Ulica grada Vukovara 269d, 10000 Zagreb, Croatia) – data processor.

3. Rights of the data subject

The data subject may request from the Data Controller access to personal data relating to them, rectification, erasure or restriction of processing, may object to processing, and may exercise the right to data portability.

If the data subject considers that the processing of personal data relating to them infringes the GDPR or the Infotv., they may lodge a complaint with the Data Controller and/or the Data Protection Officer.

The Data Controller shall inform the data subject about the progress and outcome of the complaint procedure and about the right to judicial remedy.

The data subject is entitled to an effective judicial remedy if they consider that their rights under the GDPR or the Infotv. have been infringed as a result of unlawful processing.

Any data subject is entitled to lodge a complaint with the competent supervisory authority if the consider that the processing of personal data relating to them infringes the GDPR or the Infotv. Jurisdiction of the supervisory authorit Proceedings against the Data Controller or the processor shall be initiated before the supervisory authority of the Member State where

• the data subject has habitual residence, their place of work, or

• the place of the alleged infringement is located.

In the procedure, the data subject is not a party; they only have the right to request information.

Hungarian supervisory authority in data protection matters:

National Authority for Data Protection and Freedom of Information (hereinafter: “Supervisory Authority”)

Address: 1055 Budapest, Falk Miksa utca 9-11.

Postal address: 1363 Budapest, Pf.: 9.

Phone: +36 (1) 391-1400

Fax: +36 (1) 391-1410

Email: ugyfelszolgalat@naih.hu

Website: http://www.naih.hu

For terms not expressly defined in this Notice, the definitions of Article 4 GDPR shall apply.

The Data Controller reserves the right to amend this Notice.

Budapest, 22 December 2025.

O.F.SZ. Országos Fizetési Szolgáltató Zrt.