Data management information
CHAPTER 1.
NAME OF THE CONTROLLER
The publisher of this information is the Data Controller:
Company name: Naturtrade Hungary Kft.
Naturtrade Ltd., 1108 Budapest, Gyömrői út 140.
Company registration number: 01-09-300419
Tax number: 23392218-2-42
Representative: Miklós Véha
Phone number: 0630 / 211 - 6040
Fax: -
E-mail address: iroda@naturtrade.hu
Website: www.shop.naturtrade.hu
(hereinafter referred to as "the Company")
CHAPTER 2.
DESIGNATION OF DATA PROCESSORS
Data processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller; (Article 4(8) of the Regulation)
The use of a data processor does not require the prior consent of the data subject, but the data subject must be informed. Accordingly, the following information is provided:
-The IT service provider of our company
Our Company uses a data processor for the maintenance and management of its website, who provides IT services (hosting service) and, in this context, processes the personal data provided on the website for the duration of our contract with him/her, the operation performed by him/her being the storage of personal data on the server.
-Our company's accounting service provider
Our Company uses an external service provider for the fulfilment of its tax and accounting obligations under an accounting service contract, who also processes personal data of natural persons who have a contractual or paying relationship with our Company, for the purpose of fulfilling the tax and accounting obligations of our Company.
-Postal services, delivery, parcel delivery
These data processors receive from our Company the personal data (name, address, telephone number of the data subject) necessary for the delivery of the ordered product and use it to deliver the product.
-Property protection service provider
This data processor carries out the surveillance, access and check-in of the workplace by means of CCTV cameras and the related data processing on behalf of our Company for the duration of our contract with it.
-Our Company's payment service providers
These data processors will receive the following data and the customer acknowledges that the following personal data stored by the data controller Naturtrade Hungary Kft. (1108 Budapest Gyömrői út 140.) in the user database of https://shop.naturtrade.hu will be transferred to OTP Mobil Kft. as data processor. The scope of data transmitted by the data controller is as follows:
Email address
Billing data (address)
Delivery data (address)
The nature and purpose of the data processing activities carried out by the data processor can be found in the SimplePay Data Processing Information Notice, at the following link: http://simplepay.hu/vasarlo-aff
CHAPTER 3.
CONTRACT-RELATED DATA PROCESSING
1. Processing of contracting parties' data - register of customers, suppliers
(1) The Company shall process the name, name at birth, date of birth, mother's name, address, tax identification number, tax number, entrepreneur's, farmer's or self-employed person's identity card number, personal identity card number of the natural person who has entered into a contract with the Company as a buyer or supplier for the purpose of the performance of the contract, the conclusion, performance or termination of the contract or the granting of a contractual discount, address, address of the registered office, address of the establishment, telephone number, e-mail address, website address, bank account number, customer number (customer number, order number), online identifier (list of customers, suppliers, frequent buyer lists), This processing is also considered lawful if the processing is necessary to take steps at the request of the data subject prior to entering into a contract. Recipients of personal data: employees of the Company performing customer service tasks, employees performing accounting and tax tasks, and data processors. Duration of processing of personal data: 5 years after the termination of the contract.
(2) The data subject must be informed before the processing starts that the processing is based on the legal basis of the performance of the contract, this information may also be provided in the contract.
(3) The data subject shall be informed of the transfer of his or her personal data to a processor.
2. Contact details of natural persons representing customers, buyers, suppliers of legal persons
(1) The scope of the personal data processed: name, address, telephone number, e-mail address, online identifier of the natural person.
(2) Purpose of the processing of personal data: performance of a contract with a legal entity partner of the Company, business relations, legal basis: consent of the data subject.
(3) Recipients or categories of recipients of personal data: employees of the Company performing customer service tasks.
(4) Duration of the storage of personal data: 5 years after the business relationship or the data subject's capacity as a representative.
3. Visitor data management on the Company's website
(1) Cookies are short data files placed on the user's computer by the website visited. The purpose of the cookie is to make the given infocommunication, internet service easier and more convenient. There are many types, but they can generally be divided into two broad categories: a temporary cookie, which is placed on the user's device by the website only during a particular session (e.g. during the security identification of an online banking transaction), and a permanent cookie (e.g. a website language setting), which remains on the computer until the user deletes it. According to the European Commission's guidelines, cookies [unless strictly necessary for the use of the service] can only be placed on the user's device with the user's permission.
(2) In the case of cookies that do not require the user's consent, information should be provided on the first visit to the website. It is not necessary for the full text of the cookie notice to appear on the website, but it is sufficient for the website operators to briefly summarise the substance of the notice and to provide a link to the full notice.
(3) In the case of cookies requiring consent, the information may also be linked to the first visit to the website, where the processing of data associated with the use of cookies starts as soon as the page is visited. Where the use of the cookie is linked to the use of a function explicitly requested by the user, the information may also be provided in relation to the use of that function. Even in this case, it is not necessary for the full text of the cookie notice to be displayed on the website, a brief summary of the substance of the notice and a link to the full notice.
4. Information on the use of cookies
(1) In accordance with common Internet practice, our Company also uses cookies on its website. A cookie is a small file containing a series of characters that is placed on a visitor's computer when they visit a website. When you visit that site again, the cookie enables the site to recognize the visitor's browser. Cookies may also store user preferences (e.g. language chosen) and other information. Among other things, they may collect information about the visitor and his or her device, remember the visitor's individual preferences, or be used, for example, when using online shopping carts. In general, cookies facilitate the use of the website, help the website to provide users with a real web experience and an efficient source of information, and enable the website operator to monitor the functioning of the site, prevent abuse and ensure the smooth and adequate provision of services on the website.
(2) Our Company's website records and manages the following data about the visitor and the device used for browsing when using the website:
the IP address used by the visitor,
the type of browser,
the characteristics of the operating system of the device used for browsing (language set),
time of the visit the (sub)page,
function or service visited.
(3) Acceptance or authorisation of the use of cookies is not mandatory. You can reset your browser settings to reject all cookies or to indicate when a cookie is being sent. While most browsers automatically accept cookies by default, these can usually be changed to prevent automatic acceptance and will offer you the choice each time.
To find out about the cookie settings of the most popular browsers, click on the links below
Google Chrome: https://support.google.com/accounts/answer/61416?hl=hu
Firefox: https://support.mozilla.org/hu/kb/sutik-engedelyezese-es-tiltasa-amit-weboldak-haszn
Microsoft Internet Explorer 11: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-11
Microsoft Internet Explorer 10: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-10-win-7
Microsoft Internet Explorer 9: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-9
Microsoft Internet Explorer 8: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-8
Microsoft Edge: http://windows.microsoft.com/hu-hu/windows-10/edge-privacy-faq
Safari: https://support.apple.com/hu-hu/HT201265
However, please note that some website features or services may not function properly without cookies.
(4) The cookies used on this website are not in themselves capable of identifying the user.
(5) Cookies used on the Company's website:
Technically necessary session cookies
These cookies are necessary to enable visitors to browse the website, to use its functions smoothly and fully, to use the services available through the website, including in particular the recording of the actions carried out by the visitor on the pages concerned during the visit. The duration of the processing of these cookies is limited to the duration of the visitor's current visit and these types of cookies are automatically deleted from the visitor's computer at the end of the session or when the browser is closed.
The data processed are AVChatUserId, JSESSIONID, portal_referer.
The legal basis for this data processing is Article 13/A (3) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (Elkertv.).
The purpose of the processing is to ensure the proper functioning of the website.
Cookies requiring consent
These allow the Company to remember the user's choices in relation to the website. The visitor may opt-out of this processing at any time before and during the use of the service. This data cannot be linked to the user's identification data and cannot be transferred to third parties without the user's consent.
2.1: The legal basis for processing is the consent of the visitor.
.
The purpose of the processing is to improve the efficiency of the service, enhance the user experience and make the use of the website more convenient.
The period of data processing is 6 months.
2.2 Performance cookies:
Google Analytics cookies - for more information please visit https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage.
Google AdWords cookies - for more information see: https://support.google.com/adwords/answer/2407785?hl=hu
5. Registration on the Company's website
(1) On the website, the natural person registering may give his/her consent to the processing of his/her personal data by ticking the relevant box. It is prohibited to tick the box in advance.
(2) The scope of personal data that may be processed: name (surname, first name), address, telephone number, e-mail address, online identifier of the natural person.
(3) Purpose of the processing of personal data:
To provide the services offered on the website.
To contact you by electronic, telephone, SMS, and postal means.
Information about the Company's products, services, terms and conditions, promotions.
Advertising mailings may be sent electronically and by post.
Analysis of the use of the website.
(4) The legal basis for processing is the consent of the data subject.
(5) Recipients and categories of recipients of personal data: employees of the Company performing tasks related to customer service and marketing activities, employees of the Company's IT service provider providing hosting services as data processors.
(6) Duration of storage of personal data: until the registration/service is completed or until the data subject's consent is withdrawn (request for erasure).
6. Data processing related to the newsletter service
(1) A natural person who registers for the newsletter service on the website may give his or her consent to the processing of his or her personal data by ticking the relevant box. It is prohibited to tick the box in advance. The data subject may unsubscribe from the newsletter at any time by using the "Unsubscribe" application or by making a written declaration or sending an e-mail, which shall constitute a withdrawal of consent. In such a case, all data of the unsubscriber will be deleted immediately. The text of the information to be included on the newsletter subscription page is set out in Annex 7 to these Rules.
(2) The scope of personal data that may be processed: name (surname, first name), e-mail address of the natural person.
(3) Purpose of the processing of personal data:
Sending newsletters about the Company's products and services
Sending promotional material
(4) Legal basis for processing: consent of the data subject.
(5) Recipients or categories of recipients of personal data: employees of the Company performing tasks related to customer service and marketing activities, employees of the Company's IT service provider as data processors for the purpose of providing hosting services,
(6) Duration of the storage of personal data: until the newsletter service is provided or until the data subject's consent is withdrawn (request for deletion).
7. Community Policy / Data Processing on the Company's Facebook page
(1) The Company maintains a Facebook page for the purpose of informing and promoting its products and services.
(2) A question on the Company's Facebook page shall not be considered as a formal complaint.
(3) The Company does not process personal data posted by visitors to the Company's Facebook page
(4) Visitors are subject to the Facebook Privacy and Terms of Service.
(5) In the event of publication of illegal or offensive content, the Company may exclude the person concerned from membership or delete his/her posts without prior notice.
(6) The Company is not responsible for any illegal content or comments posted by Facebook users. The Company shall not be liable for any errors, malfunctions or problems arising from the operation of Facebook or from changes in the operation of the system.
8. Data management in the Company's webshop
(1) Purchases made in the webshop operated by the Company shall be considered as a contract, subject to Article 13/A of Act CVIII of 2001 on certain issues of electronic commerce services and information society services, and to Government Decree 45/2014 (26.II.) on the detailed rules of contracts between consumers and businesses.
(2) The Company may process the natural personal identification data and address of the customer registering in the webshop for the purposes of creating, defining the content of, amending and monitoring the performance of the contract for the provision of information society services, invoicing the fees arising therefrom and enforcing claims in connection therewith, pursuant to Article 13/A(1) of Act CVIII of 2001, and the telephone number, e-mail address, bank account number and online identifier of the customer registering in the webshop, and for the purposes of consent.
(4) The Company may process the natural personal identification data and address of the customer registering in the webshop for the purposes of creating, defining the content of, amending and monitoring the performance of the contract for the provision of information society services, invoicing the fees arising therefrom and enforcing claims in connection therewith, pursuant to Article 13/A(1) of Act CVIII of 2001, and the telephone number, e-mail address, bank account number and online identifier of the customer registering in the webshop, and for the purposes of consent.
(5) The Company may process, for billing purposes, natural person identification data relating to the use of information society services, address, and data relating to the time, duration and place of use of the service, pursuant to Article 13/A(2) of Act CVIII of 2001.
(6) Duration of the processing of personal data: until the registration/service is completed or until the data subject's consent is withdrawn (request for deletion), in case of a purchase, for 5 years after the year of purchase.
9. Data processing in connection with the organisation of a prize draw
(1) If the company organises a gift draw (Article 23 of Act XXXIV of 1991), it may process the name, address, telephone number, e-mail address and online identifier of the natural person concerned on the basis of his/her consent. Participation in the game is voluntary.
(2) The purpose of the processing of personal data is to determine the winner of the competition, to notify the winner and to send the prize. Legal basis for processing: consent of the data subject.
(3) Recipients or categories of recipients of personal data: employees of the Company performing customer service tasks, employees of the Company's IT service provider performing server services as data processors, employees of the courier service.
(4) Duration of the storage of personal data: until the final settlement of the gift classification.
10. Processing for direct marketing purposes
(1) Unless otherwise provided by a special law, advertising may be communicated to a natural person as the recipient of the advertising by direct contact (direct marketing), in particular by electronic mail or other equivalent means of individual communication, with the exception of the provisions of Act XLVIII of 2008, only if the recipient of the advertising has given his or her prior, clear and express consent.
(2) The scope of personal data that the Company may process for the purpose of advertising mailing enquiries: the name, address, telephone number, e-mail address, online identifier of the natural person.
(3) The purpose of processing personal data is to carry out direct marketing activities related to the Company's activities, i.e. sending advertising publications, newsletters, current offers in printed (postal) or electronic form (e-mail), on a regular or periodic basis, to the contact details provided at the time of registration.
(4) Legal basis for processing: consent of the data subject.
(5) Recipients or categories of recipients of personal data: employees of the Company performing customer service tasks, employees of the Company's IT service provider providing server services as data processors, employees of the Post Office in the case of postal delivery.
(6) Duration of storage of personal data: until consent is withdrawn.
PROCESSING BASED ON A LEGAL OBLIGATION
Processing for the purposes of meeting tax and accounting obligations
(1) The Company processes the data of natural persons who have business relations with the Company as customers or suppliers for the purpose of fulfilling legal obligations, tax and accounting obligations (bookkeeping, taxation), as defined by law. §-of the Act on Personal Income Tax of 2000 on accounting: name, address, designation of the person or organisation ordering the transaction, signature of the person ordering the transaction and the person certifying the execution of the order, and, depending on the organisation, the signature of the controller; on the receipts of stock movements and cash management vouchers, the signature of the recipient, and on the counterfoils, the signature of the payer, and, pursuant to Act CXVII of 1995 on Personal Income Tax: entrepreneur's identity card number, farmer's identity card number, tax identification number.
(2) The period of storage of personal data shall be 8 years after the termination of the legal relationship giving rise to the legal basis.
(3) Recipients of personal data: employees and data processors of the Company performing tax, accounting, payroll and social security functions.
Payer processing
(1) The Company processes the personal data of the data subjects - employees, their family members, workers, recipients of other benefits - with whom it has a relationship as a payer (Act 2017:CL on the Tax Code (Art.), Article 7.31.), for the purposes of fulfilling its legal obligations, tax and contribution obligations prescribed by law (tax, advance tax, contributions, payroll, social security, pension administration). The scope of the data processed is defined in Art. Article 50 of the Act defines the data processed, specifically highlighting the following: the natural person's natural person identification data (including previous name and title), gender, nationality, tax identification number, social security number (social security number). If the tax laws impose a legal consequence, the Company may process data relating to employees' membership of health (Section 40 of the Social Security Act) and trade unions (Section 47(2) b) of the Social Security Act) for the purposes of tax and contribution obligations (payroll accounting, social security administration).
(2) The period of storage of personal data shall be 8 years after the termination of the legal relationship giving rise to the legal basis.
(3) Recipients of personal data: employees and data processors of the Company performing tax, payroll, social security (payroll) functions.
Processing of documents of lasting value under the Archives Act
(1) The Company shall, in the performance of its legal obligation, process documents of permanent value pursuant to Act LXVI of 1995 on public records, public archives and the protection of private archival material (Archives Act), in order to ensure that the permanent value of the Company's archival material is preserved intact and in a usable condition for future generations. Duration of storage: until the transfer to the public archives.
(2) The recipients of personal data and other aspects of data management are governed by the Archives Act.
Processing for the purpose of complying with anti-money laundering obligations
(1) The Company shall process the personal data of its customers, their representatives and beneficial owners for the purpose of the prevention and prevention of money laundering and terrorist financing in the performance of a legal obligation pursuant to Act LIII of 2017 on the Prevention and Prevention of Money Laundering and Terrorist Financing (Act LIII of 2017 on the Prevention and Prevention of Money Laundering and Terrorist Financing) (Pmt. ): a) the surname and forename of the natural person, b) the surname and forename of birth, c) the nationality, d) the place and date of birth, e) the mother's name at birth, f) the address, or, in the absence thereof, the place of residence, g) the type and number of the identification document; the number of the official identity card proving the address, copies of the documents presented. (7.§).
(2) Recipients of personal data: employees of the Company performing customer service tasks, the head of the Company and the designated person of the Company pursuant to the Pmt.
(3) Duration of storage of personal data: 8 years from the termination of the business relationship or from the execution of the transaction order.
SUMMARY INFORMATION ON THE RIGHTS OF THE DATA SUBJECT
In this section, for the sake of clarity and transparency, we briefly summarise the rights of the data subject, the detailed information on the exercise of which is provided in the next section
Right to prior information
The data subject has the right to be informed of the facts and information relating to the processing before the processing starts (Articles 13-14 of the Regulation)
Detailed rules are set out in the next chapter.
Right of access of the data subject
The data subject has the right to obtain from the controller feedback as to whether or not his or her personal data are being processed and, if such processing is ongoing, the right to access the personal data and related information as set out in the Regulation. (Article 15 of the Regulation).
Detailed rules are set out in the next chapter.
Right to rectification
The data subject has the right to obtain, upon his or her request and without undue delay, the rectification of inaccurate personal data relating to him or her. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration (Article 16 of the Regulation).
Right to erasure ("right to be forgotten")
The data subject shall have the right to obtain, upon his or her request, the erasure of personal data relating to him or her without undue delay and the controller shall be obliged to erase personal data relating to him or her without undue delay where one of the grounds specified in the Regulation applies (Article 17 of the Regulation).
Detailed rules are set out in the next chapter.
Right to restriction of processing.
The data subject shall have the right to obtain, at his or her request, the restriction of processing by the Controller if the conditions set out in the Regulation are fulfilled. (Article 18 of the Regulation)
Detailed rules are set out in the next chapter.
Obligation to notify the rectification or erasure of personal data or restriction of processing
The Controller shall inform each recipient to whom or with which the personal data have been disclosed of any rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. Upon request, the Controller shall inform the data subject of these recipients. (Article 19 of the Regulation)
Right to data portability
Subject to the conditions set out in the Regulation, the data subject shall have the right to receive personal data relating to him or her which he or she has provided to a controller in a structured, commonly used, machine-readable format and the right to transmit those data to another controller without hindrance from the controller to which he or she has provided the personal data. (Article 20 of the Regulation)
Detailed rules are set out in the next chapter.
Right to object
The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data on the basis of Article 6(1)(e) (processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller) or (f) (processing necessary for the purposes of the legitimate interests pursued by the controller or by a third party) of the Regulation (Article 21 of the Regulation).
Detailed rules are set out in the next chapter.
Automated decision-making in individual cases, including profiling
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. (Article 22 of the Regulation)
Detailed rules are set out in the next chapter.
Restrictions
Union or Member State law applicable to the controller or processor may restrict by legislative measures, in accordance with Articles 12 to 22 and Article 34 and in accordance with the rights and obligations set out in Articles 12 to 22 (Article 23 of the Regulation)
Detailed rules are set out in the next chapter.
Informing the data subject about the data breach
If the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Data Controller shall inform the data subject of the personal data breach without undue delay. (Article 34 of the Regulation)
Detailed rules are set out in the next chapter.
Right to lodge a complaint with a supervisory authority (right to official redress)
The data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged breach, if the data subject considers that the processing of personal data relating to him or her infringes the Regulation. (Article 77 of the Regulation)
Detailed rules are set out in the next chapter.
Right to an effective judicial remedy against the supervisory authority
All natural and legal persons have the right to an effective judicial remedy against a legally binding decision of a supervisory authority which is addressed to them, or if the supervisory authority does not deal with the complaint or does not inform the data subject within three months of the procedural developments or the outcome of the complaint lodged. (Article 78 of the Regulation)
Detailed rules are set out in the next chapter.
The right to an effective judicial remedy against the controller or processor
Every data subject has the right to an effective judicial remedy if he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data not in accordance with this Regulation. (Article 79 of the Regulation)
Detailed rules are set out in the next chapter.
THE PRESENTATION OF THE DATA SUBJECT'S REQUEST,
THE CONTROLLER'S ACTIONS
The Controller shall inform the data subject of the action taken on his or her request to exercise his or her rights without undue delay and in any event within one month of receipt of the request.
If necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months. The Data Controller shall inform the data subject of the extension of the time limit within one month of receipt of the request, stating the reasons for the delay.
Where the data subject has made the request by electronic means, the information shall, where possible, be provided by electronic means, unless the data subject requests otherwise.
If the controller does not act on the data subject's request, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for the non-action and of the possibility for the data subject to lodge a complaint with a supervisory authority and to exercise his or her right of judicial remedy.
The Controller shall provide the information and information on the rights of the data subject (Articles 15 to 22 and 34 of the Regulation) and the action in accordance with Articles 13 and 14 of the Regulation free of charge. If the data subject's request is manifestly unfounded or excessive, in particular because of its repetitive nature, the Controller shall, subject to the administrative costs of providing the requested information or information or of taking the requested action:
a) charge a fee of HUF 6.350,-, or
b) refuse to act on the request.
The burden of proving that the request is manifestly unfounded or excessive shall lie with the Controller.
Where the Controller has reasonable doubts as to the identity of the natural person making the request, it may request further information necessary to confirm the identity of the data subject.
Naturtrade Hungary 2018
.