Privacy Policy

 

 

Privacy

We collect and process personal data only in accordance with applicable laws.

Direct marketing (DM) messages are sent only with your explicit consent. System messages may be sent without consent.

We store all data as securely as possible.

Personal data is shared with third parties only with your consent.

Anyone may request information about the personal data we hold about them by contacting This email address is being protected from spambots. You need JavaScript enabled to view it. in writing.

Requests for the deletion of personal data can also be submitted in writing to This email address is being protected from spambots. You need JavaScript enabled to view it..

 

Introduction::

TWS Lifting and Material Handling Equipment Trading and Services Ltd.

Head office: 1047 Budapest, Tinódi u. 5-7

Mailing address: 1047 Budapest, Tinódi u. 5-7

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Website: http://www.tws.hu/

 

According to Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Section 20 (1)), the data subject (in this case, the webshop user, hereinafter referred to as the User) must be informed before any data processing begins whether the processing is based on consent or is mandatory.

Before data processing starts, the data subject must be provided with clear and detailed information about all facts related to the processing of their personal data, including, in particular:

the purpose and legal basis of data processing,

the identity of the person authorized to process the data, and

the duration of the data processing.

In accordance with Section 6 (1) of the Info Act, the data subject must also be informed that personal data may be processed even if obtaining consent is impossible or would involve disproportionate cost, and the processing of personal data is necessary:

for the fulfillment of a legal obligation applicable to the Data Controller, or

to protect the legitimate interest of the Data Controller or a third party, provided that the enforcement of this interest is proportionate to the limitation of the data subject’s rights regarding the protection of personal data.

 

The information must also cover the rights of the data subjects and the available remedies regarding data processing. 

 

If providing personal notification to the data subjects is impossible or would involve disproportionate costs (as in the case of a website), the information may be provided by publicly disclosing the following:

- the fact that data is being collected,

- the categories of data subjects,

- the purpose of data collection,

- the duration of data processing,

- the identity of possible data controllers authorized to access the data,

- the rights of the data subjects regarding data processing and the remedies available to them,

- if applicable, the registration number of the data processing in the data protection registry.

This privacy notice governs the data processing of the following website: www.tws.hu, based on the content requirements outlined above.

Any amendments to this notice will take effect upon publication on the above website. References to the relevant legal provisions will be included under the headings of individual sections of this notice. 

 

Definitions (Section 3)

- Data Subject / User: any identified or directly or indirectly identifiable natural person based on specific personal data.

- Personal Data: any information relating to a data subject, particularly the data subject’s name, identifier, or one or more characteristics relating to their physical, physiological, mental, economic, cultural, or social identity, as well as any conclusions drawn from such data concerning the data subject.

- Special Categories of Personal Data (Sensitive Data):

 - personal data revealing racial or ethnic origin, political opinions or party affiliation, religious or philosophical beliefs, membership in interest representation organizations, or sexual life;

 - personal data concerning health status or addictions;

 - personal data relating to criminal offenses;

 

- Consent: the voluntary and explicit expression of the data subject’s will, based on adequate information, by which they give unambiguous agreement to the processing of their personal data, either in full or limited to specific operations.

- Objection: a declaration by the data subject through which they contest the processing of their personal data and request the cessation of processing or the deletion of the data.

- Data Controller: a natural or legal person, or an organization without legal personality, who alone or jointly with others determines the purposes of data processing, makes and implements decisions regarding the processing (including the tools used), or executes these decisions through an appointed data processor.

- Data Processing: any operation or set of operations performed on personal data, regardless of the method used, including in particular: collection, recording, organization, storage, alteration, use, retrieval, transmission, disclosure, alignment or combination, blocking, deletion, destruction, prevention of further use, creation of photographs, audio or video recordings, and the recording of physical characteristics suitable for identifying the person (e.g., fingerprints, palm prints, DNA samples, iris images);

 

- Data Transfer: making data accessible to a specified third party.

- Disclosure / Public Availability: making data accessible to anyone.

- Data Deletion: rendering data unrecognizable in such a way that recovery is no longer possible.

- Data Marking / Tagging: attaching an identifier to the data for the purpose of distinguishing it.

- Data Blocking / Locking: marking data with an identifier to restrict further processing either permanently or for a specified period.

- Data Destruction: the complete physical destruction of the data carrier containing the data;

 

- Data Processing: the performance of technical tasks related to data management operations, regardless of the methods, tools, or location used, provided that the technical tasks are performed on the data.

- Data Processor: a natural or legal person, or an organization without legal personality, who processes data on behalf of the Data Controller based on a contract, including contracts required by law.

- Data Responsible Authority: a public authority that produces public-interest data that must be published electronically, or that generates such data in the course of its operations.

- Data Publisher: a public authority that publishes data provided by the Data Responsible Authority on a website, if the Data Responsible Authority does not publish the data itself.

- Data Set / Database: the totality of data managed within a single record or registry;

 

Third Person: a natural or legal person, or an organization without legal personality, who or which is not identical with the data subject, the Data Controller, or the Data Processor.

 

 

Legal Basis for Data Processing (Sections 5–6)

 

Personal data may be processed if:

- the data subject has given consent, or

- processing is ordered by law or by a local government decree, based on law, within the scope defined therein, for purposes of public interest.

Personal data may also be processed if obtaining the data subject’s consent is impossible or would involve disproportionate costs, and the processing is necessary:

- for the fulfillment of a legal obligation applicable to the Data Controller, or

- to protect the legitimate interest of the Data Controller or a third party, provided that the enforcement of this interest is proportionate to the limitation of the data subject’s rights regarding personal data protection.

If the data subject is incapable of giving consent due to legal incapacity or any other unavoidable reason, personal data may be processed to the extent necessary to protect the vital interests of the data subject or another person, or to prevent or mitigate an immediate threat to the life, physical integrity, or property of individuals.

For minors who have reached the age of 16, the validity of a legal declaration of consent does not require the consent or subsequent approval of their legal representative.

If the processing of personal data is based on consent and aims to execute a contract concluded in writing with the Data Controller, the contract must include all information the data subject needs to be aware of regarding the processing of their personal data, in particular:

- the types of data to be processed,

- the duration of the data processing,

- the purpose of the processing,

- the fact that data may be transferred and the recipients of such data,

- the use of a data processor, if applicable.

The contract must clearly state, in an unambiguous manner, that by signing it, the data subject consents to the processing of their personal data as specified in the contract.

If personal data is collected based on the data subject’s consent, the Data Controller may process the collected data ,unless otherwise provided by law:

- for the fulfillment of a legal obligation applicable to the Data Controller, or

- to protect the legitimate interest of the Data Controller or a third party, provided that the enforcement of this interest is proportionate to the limitation of the data subject’s rights regarding the protection of personal data.

 

Purpose Limitation of Data Processing (Section 4 [1]–[2])

 

Personal data may only be processed for a specific purpose, in order to exercise a right or fulfill a legal obligation. At every stage of data processing, the processing must comply with the intended purpose, and the collection and handling of data must be fair and lawful.

Only personal data that is necessary and adequate to achieve the purpose of processing may be handled. Personal data may only be processed to the extent and for the duration necessary to achieve that purpose.

 

Other Principles of Data Processing (Section 4 [3]–[4])

 

Personal data retains its character as personal data as long as a link to the data subject can be restored. A link to the data subject can be restored if the Data Controller possesses the technical means necessary to do so.

During data processing, the accuracy and completeness of the data must be ensured, and—if required for the purpose of processing—the data must be kept up to date. Additionally, the data subject should only be identifiable for as long as necessary to achieve the purpose of the data processing.

 

Functional Data Processing

 

In accordance with Section 20 (1) of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information, the following information regarding the operation of the www.tws.hu website must be defined:

1. Fact of Data Collection and Types of Data Collected:

- Collected data include: password, first and last name, email address, phone number, shipping address, shipping name, billing address, billing name, amount  payable, registration/purchase date and time, IP address at registration/purchase.

2. Categories of Data Subjects:

- All users who register or make purchases on the website are considered data subjects.

3. Purpose of Data Collection and Processing:

- The Service Provider processes personal data for the following purposes:

  - Full use of the website,

  - Establishing contracts for service provision,

  - Defining, modifying, and monitoring contract performance,

  - Invoicing charges arising from contracts and enforcing related claims,

  - Sending newsletters to users.

4. Duration of Data Processing / Data Deletion:

- Personal data are deleted immediately upon deletion of registration or completion of purchase.

- Exception: accounting records must be retained for 8 years in accordance with Section 169 (2) of Act C of 2000 on Accounting.

- Accounting documents supporting bookkeeping, including general ledger accounts, analytical or detailed records, must be preserved in a readable and traceable format for at least 8 years.

5. Persons Authorized to Access Data:

- Personal data may be processed by the employees of the Data Controller, in compliance with the principles outlined above.

6. Data Subject Rights:

- Data subjects may request deletion or modification of their personal data via:

   - Postal mail: TWS Ltd., 1047 Budapest, Tinódi u. 5-7, Hungary

   - Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

7. Legal Basis for Data Processing:

- Consent of the user,

- Section 5 (1) of Act CXII of 2011, and

- Section 13/A (3) of Act CVIII of 2001 on Electronic Commerce and Certain Services Related to the Information Society (Elker Act):

  - The Service Provider may process personal data necessary for the technical provision of the service. The tools used to provide information society services        must be selected and operated so that personal data are only processed if strictly necessary for providing the service and achieving the purposes specified by law, and even then only to the extent and for the duration required.

 

Our Principles for Functional Data Processing (Elker Act, Section 13/A)

The Service Provider may process personally identifiable information, address data, and data related to the time, duration, and location of the use of an information society service for the purpose of invoicing fees arising from a contract for the provision of such services.

The Service Provider may process personal data that are technically necessary for the provision of the service. When selecting and operating tools for providing information society services, the Service Provider must ensure that personal data are processed only if strictly necessary for providing the service and achieving the purposes defined in the Elker Act, and even then, only to the extent and for the duration required.

The Service Provider may process data related to the use of the service for any other purpose, such as improving service efficiency, delivering targeted electronic advertisements or other content, or market research, only after the prior definition of the purpose and based on the user’s consent.

The user must be continuously ensured the opportunity to prohibit data processing both before and during the use of the information society service.

Collected data must be deleted after the contract is not concluded, the contract terminates, or invoicing is completed. Data must also be deleted if the purpose of processing ceases or the user requests deletion. Unless otherwise provided by law, deletion must be carried out without delay.

The Service Provider must ensure that the user can at any time, before and during the use of the information society service, access information on which categories of data are processed for which purposes, including data that cannot be directly linked to the user. 

 

Cookies

In accordance with Section 20 (1) of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information, the following information regarding cookie data processing on the www.tws.hu website must be defined:

1. Fact of Data Collection and Types of Data Collected:

- Typical e-commerce cookies include session cookies for password-protected sessions, shopping cart cookies, and security cookies, which do not require prior consent from users.

- Collected data include unique identifiers, dates, and timestamps.

2. Categories of Data Subjects:

- All visitors to the website are considered data subjects.

3. Purpose of Data Collection and Processing:

- Identification of users,

- Maintaining the shopping cart,

- Tracking website visitors.

4. Duration of Data Processing / Data Deletion:

- For session cookies, data processing lasts until the end of the website visit.

5. Persons Authorized to Access Data:

- Personal data may be accessed by the employees of the Data Controller, in compliance with the principles outlined above.

6. Data Subject Rights:

- Users can delete cookies via the browser’s Tools/Settings menu, usually under Privacy settings.

7. Legal Basis for Data Processing:

- User consent is not required if the sole purpose of the cookies is to enable the transmission of communication over an electronic communications network or is strictly necessary for providing an information society service explicitly requested by the user.

8. Web Analytics:

- The Service Provider uses Google Analytics to measure website traffic. During the use of this service, data are transmitted. The transmitted data cannot be used to identify the user.

- More information about Google’s privacy policies is available here: http://www.google.hu/policies/privacy/ads/

 

Newsletter and Direct Marketing (DM) Data Processing

In accordance with Section 6 of Act XLVIII of 2008 on the Fundamental Conditions and Certain Limitations of Commercial Advertising Activities, the User may give prior and explicit consent for the Service Provider to contact them at the email address provided during registration with promotional offers or other communications.

Furthermore, the User may consent—taking this Privacy Notice into account—for the Service Provider to process the personal data necessary to send these promotional communications.

The Service Provider does not send unsolicited promotional messages, and the User may unsubscribe from receiving offers at any time, without restriction or justification, free of charge. In such a case, the Service Provider deletes all personal data necessary for sending the promotional messages from its records and will not send further promotional offers. Users can unsubscribe via the link included in each message.

In accordance with Section 20 (1) of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information, the following applies to newsletter and DM data processing on www.tws.hu:

1. Fact of Data Collection and Types of Data Collected:

- Name, email address, date, and time of subscription.

2. Categories of Data Subjects:

- All users who subscribe to the newsletter.

3. Purpose of Data Collection and Processing:

- Sending electronic messages containing advertising to the data subject,

- Providing information about current news, products, promotions, new features, and similar updates.

4. Duration of Data Processing / Data Deletion:

- Data are processed until the User withdraws consent, i.e., unsubscribes.

5. Persons Authorized to Access Data:

- Personal data may be accessed by the employees of the Data Controller, in compliance with the principles outlined above.

6. Data Subject Rights:

- Users may unsubscribe from the newsletter at any time, free of charge.

7. Legal Basis for Data Processing:

- The voluntary consent of the data subject,

- Section 5 (1) of Act CXII of 2011, and

- Section 6 (5) of Act XLVIII of 2008:

   - The advertiser, advertising service provider, or publisher maintains a record of personal data of persons who have provided consent within the scope specified in the consent. Data recorded in this registry, relating to the recipients of advertising, may only be processed according to the scope of the consent and until it is withdrawn, and may only be disclosed to third parties with the prior consent of the data subject.

 

Facebook                                           

In accordance with Section 20 (1) of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information, the following applies to data transfer activities related to the webshop’s use of Facebook.com:

1. Fact of Data Collection and Types of Data Collected:

- Name registered on Facebook.com and the user’s public profile picture.

2. Categories of Data Subjects:

- All individuals who are registered on Facebook.com and have liked the webshop’s page.

3. Purpose of Data Collection and Processing:

- To allow sharing and liking of specific content, products, promotions, or the webshop page itself on Facebook.com.

4. Duration of Data Processing, Authorized Data Handlers, and Data Subject Rights:

- The processing takes place on the Facebook.com platform.

- Users can obtain information about the source of the data, its processing, transfer methods, and legal basis at: http://www.facebook.com/about/privacy/

- The duration, methods of processing, and options for deletion or modification of data are governed by Facebook’s own terms:

   - Terms of Service

   - Privacy Policy

5. Legal Basis for Data Processing:

- The voluntary consent of the user for the processing of personal data on the Facebook.com platform.

 

Data Transfer

In accordance with Section 20 (1) of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information, the following applies to data transfer activities on the webshop:

1. Fact of Data Collection and Types of Data Transferred:

- For delivery purposes: Recipient name, delivery address, phone number, amount payable.

- For online payment purposes: Billing name, billing address, amount payable.

2. Categories of Data Subjects:

- All individuals requesting home delivery or making an online purchase.

3. Purpose of Data Collection and Processing:

- To complete the delivery of ordered products and/or process the online purchase.

4. Duration of Data Processing / Data Deletion:

- Data processing lasts until the completion of the home delivery or online payment.

5. Persons Authorized to Access Data:

- Personal data may be accessed by the following parties, in compliance with the principles outlined above:

  - Employees of the Data Controller involved in order processing, delivery, and payment administration,

  - Delivery service providers responsible for shipping the goods,

  - Payment service providers handling online transactions.

6. Data Subject Rights:

- Users may request information about the transferred data, its processing, and deletion. Requests can be submitted via:

  - Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

  - Post: TWS Kft., 1047 Budapest, Tinódi u. 5-7., Hungary

7. Legal Basis for Data Processing:

- The processing is necessary for the performance of a contract to which the data subject is a party (delivery of goods or completion of the online purchase).

 

Website Hosting Provider Information:

Provider Name: INTEGRITY Kft.

Registered Address: 8000 Székesfehérvár, Gyetvai u. 6, Hungary

Mailing Address: 1132 Budapest, Victor Hugo u. 18-22, Hungary

E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

 

Provider Name: Pannon Creative Kft.

Registered Address: 2800 Tatabánya, Bánhidai ltp. 318, Ground Floor 1, Hungary

Tax Number: 23134762-2-11

E-mail / Contact: [Add if available]


Marketing & Communications Services:

Managed by Pannon Creative Kft.

Address: 2800 Tatabánya, Bánhidai ltp. 318, Ground Floor 1, Hungary

Tax Number: 23134762-2-11

 

The data subject may request that the service provider responsible for home delivery or online payment delete their personal data without delay. The transfer of personal data is based on the user’s consent, in accordance with Section 5 (1) of Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Infotv.) and Section 13/A (3) of Act CVIII of 2001 on Electronic Commerce and on Certain Issues of Information Society Services.

 

Data Security (Section 7)

 

The data controller is obliged to plan and carry out data processing operations in a manner that ensures the protection of the data subjects' privacy. The data controller, as well as any data processor acting within its scope of activities, must safeguard the data and implement all technical and organizational measures, as well as procedural rules, necessary to enforce the provisions of the Information Act and other data and confidentiality regulations. Data must be adequately protected against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as against accidental loss or damage and inaccessibility caused by technological changes.

To protect electronically maintained records in various registries, appropriate technical solutions must be applied to ensure that stored data cannot be directly linked to and associated with the data subject, except where permitted by law. During the automated processing of personal data, the data controller and data processor must take further measures to prevent unauthorized data entry, prevent unauthorized use of automatic data processing systems via transmission devices, and ensure traceability of which bodies personal data have been or may be transmitted to using transmission equipment. They must also ensure traceability and accountability of who entered which personal data into automated systems and when, maintain system recoverability in the event of a malfunction, and provide reporting on errors occurring during automated processing.

When defining and implementing measures to protect data, the data controller and data processor must consider the state of technological development. Among possible data processing solutions, the one that ensures the highest level of personal data protection should be chosen, except where doing so would impose disproportionate difficulty on the data controller.

 

Rights of Data Subjects (Articles 14–19)

 

A data subject may request that the Service Provider provide information regarding the processing of their personal data, and may request the correction, blocking, or deletion of their personal data, except in cases where data processing is mandatory by law. Upon the data subject’s request, the data controller shall provide information about the personal data it processes, as well as data processed by any appointed data processor, including the source of the data, the purpose and legal basis of processing, the duration of processing, the name and address of the data processor, and the activities related to data processing. If personal data has been transferred to a third party, the data subject will also be informed of the legal basis for the transfer and the recipients of the data.

The data controller maintains a record of data transfers for the purpose of verifying the legality of data transmission and informing the data subject. This record includes the date of transfer, the legal basis and recipient of the transfer, the categories of personal data transferred, and any other information required by law.

The data controller shall respond to requests for information in a clear and understandable manner, in writing, as soon as possible but no later than 30 days from receipt. Providing this information is free of charge.

If personal data is inaccurate and the correct data is available to the controller, the data shall be rectified. Instead of deletion, the data may be blocked if the data subject requests it or if deletion would adversely affect the data subject’s legitimate interests. Blocked data may only be processed as long as the purpose preventing deletion continues to exist.

The data controller shall delete personal data if processing is unlawful, the data subject requests deletion, the data is incomplete or incorrect and cannot be lawfully corrected, the purpose of processing has ceased, the statutory retention period has expired, or a court or the National Authority for Data Protection and Freedom of Information (NAIH) has ordered deletion.

The data controller shall mark personal data if its accuracy or correctness is disputed but cannot be clearly verified. Data subjects and all recipients who previously received the data for processing purposes must be informed of any rectification, blocking, marking, or deletion, unless notification would conflict with the legitimate interests of the data subject.

If the data controller does not comply with a request for rectification, blocking, or deletion, it shall inform the data subject in writing within 30 days of the reasons for refusal, both factual and legal. In the event of refusal, the data subject shall also be informed of the right to seek judicial remedy or submit a complaint to the Authority.

 

Legal Remedies

 

1. The User may object to the processing of their personal data if:

- the processing or transfer of personal data is necessary solely for the Data Controller to comply with a legal obligation, or to protect the legitimate interests of the Data Controller, the Data Recipient, or a third party, unless such processing is mandated by law;

- the use or transfer of personal data is for direct marketing, opinion polling, or scientific research purposes;

- in other cases defined by law.

2. Upon receiving an objection, the Data Controller will review the request as soon as possible, but no later than 15 days, decide on its validity, and notify the requester in writing of the decision.

3. If the Data Controller acknowledges the objection as valid, the Data Controller will cease data processing, including any further data collection and transfer, lock the data, and inform all recipients to whom the personal data subject to the objection was previously disclosed, who are also obliged to take measures to enforce the objection.

4. If the User disagrees with the decision of the Data Controller, they may appeal to the Court within 30 days of notification. The Court will handle the case as a matter of urgency.

5. Any complaint regarding potential violations by the Data Controller may be submitted to the National Authority for Data Protection and Freedom of Information (NAIH).

 

National Authority for Data Protection and Freedom of Information (NAIH)

- Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C, Hungary

- Mailing Address: P.O. Box 5, 1530 Budapest, Hungary

- Phone: +36 1 391 1400

- Fax: +36 1 391 1410

- E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

 

Judicial Enforcements

 

1. The Data Controller is obliged to prove that data processing complies with applicable laws. The legality of any data transfer must be proven by the Data Recipient.

2. Jurisdiction for adjudicating disputes lies with the Court. At the data subject’s choice, proceedings may also be initiated before the court at the data subject’s place of residence or habitual stay.

3. A party to the proceedings may include even those who would not normally have legal standing. The Data Protection Authority may intervene in the proceedings to protect the data subject’s rights.

4. If the court grants the claim, the Data Controller may be ordered to:

- provide the requested information,

- correct, block, or delete the data,

- annul decisions made solely on the basis of automated data processing,

- respect the data subject’s right to object,

- provide the data requested by the Data Recipient.

5. If the court rejects the Data Recipient’s claim, the Data Controller is obliged to delete the data within 3 days from notification of the judgment. The Data Controller must also delete the data if the Data Recipient does not initiate proceedings within the statutory deadline.

6. The court may order the publication of its judgment, including the Data Controller’s identifying data, if this is required to protect data privacy interests and the rights of a larger number of data subjects.

 

Compensation and Damages (Section 23)

 

1. If the Data Controller causes damage to another party due to unlawful processing of personal data or breach of data security requirements, the Data Controller is obliged to compensate for such damage.

2. If the Data Controller violates the data subject’s personal rights through unlawful data processing or a breach of data security, the data subject may claim non-material damages from the Data Controller.

3. The Data Controller is liable to the data subject for any damage caused by the Data Processor, and must also pay the data subject non-material damages for any personal rights violations caused by the Data Processor.

4. The Data Controller is exempt from liability for damages and from the obligation to pay non-material damages if it proves that the damage or personal rights violation was caused by unavoidable reasons beyond the scope of data processing.

5. No compensation or non-material damages are required to be paid if the damage or personal rights violation results from the intentional or grossly negligent conduct of the data subject.

 

Closing Statement

 

During the preparation of this Privacy Notice, the following laws and regulations were taken into account:

- Act CXII of 2011 – on the Right of Informational Self-Determination and Freedom of Information (hereinafter: Infotv.)

- Act CVIII of 2001 – on Electronic Commerce Services and Certain Issues Related to Information Society Services (especially Section 13/A)

- Act XLVII of 2008 – on the Prohibition of Unfair Commercial Practices Against Consumers

- Act XLVIII of 2008 – on the Fundamental Conditions and Certain Limitations of Commercial Advertising Activities

- Act XC of 2005 – on Electronic Freedom of Information

- Act C of 2003 – on Electronic Communications

- Opinion No. 16/2011 – on Best Practices for Behavioural Online Advertising, EASA/IAB Recommendation.