Privacy policy
PRIVACY POLICY
PRIVACY AND DATA MANAGEMENT INFORMATION OF VEDIKARRIER - SZARKA DÓRA E.V.
1. Purpose of the Prospectus
The purpose of this Prospectus is to record the Vedikarrier - Szarka Dóra e.v. (The "Company") and provide the data protection and data management policy of the Company and provide information to data subjects on the data management related to the website www.vedikarrier.hu.
According to the decision issued by the Deputy State Secretary for the Keeping of Records of the Ministry of the Interior, Document Supervision Department (Case No. 7418572), the Service Provider (registered on 08.08.2019, tax number: 54934214-1-41, statistical number: 54934214-7022-231-01) 53963248 may carry out parcel delivery activities in accordance with the number.
2. Basic concepts
The basic concepts of data management are defined in Act CXII of 2011 on the right to information self-determination and freedom of information. and REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC.
Basic concepts relevant to the interpretation of this Prospectus:
2.1. Data controller: the person who determines the purposes and means of processing the data of the data subject individually or together with others.
In the case of webshop sales on www.vedikarrier.hu, its operator; (ie who provides the service itself):
Data controller: Dóra Szarka is a sole proprietor.
abbreviated name: Dóra Szarka e.v.
tax number: 54934214-1-41
head office: 1037 Budapest, Laborc u.
electronic contact (e-mail address): info@birdbooks.hu
Website address: www.vedikarrier.hu,
Name of the Data Protection Officer: Dóra Szarka
Contact details of the Data Protection Officer: info@vedikarrier.hu
Data controller is also the person whom this Prospectus names as data controller in connection with a given service.
2.2. Recipient: the natural or legal person, public authority, agency or any other body to whom or with which personal data are communicated (as detailed in Article 4 (9) GDPR).
2.3. Data subject: in the course of data processing, the identified or identifiable natural person whose data are processed.
Natural person: a living person who may be the holder of personal rights, such as the right to the protection of personal data;
In the case of data management based on this Prospectus, the natural person who uses the Web Store operating on the Company's website (www.vedikarrier.hu); you visit, register on it, or make purchases on the Website without registration ("User").
2.4. Personal data: data that can be contacted by the data subject - in particular the data subject's name, contact details and address, any identifying mark, be it an identifier created by the authority or the Company, and knowledge of one or more physical, physiological, mental, economic, cultural or social identities - or the conclusion to be drawn from the data concerning the data subject.
2.5. Data management: any operation or set of operations on personal data, regardless of the procedure used, including in particular the collection, recording, recording, systematisation, storage, modification, use, consultation of a public or non-public database, transmission, disclosure , harmonization or interconnection, deletion and destruction, and to prevent further use of the data).
2.6. Data processing: the performance of technical, technological tasks related to data management operations, regardless of the method and means used in the performance of the operations and the place where the operation is performed.
2.7. Data processor: a natural or legal person or an organization without legal personality who carries out the processing of data on the basis of a contract concluded with the Company.
2.8. Webshop: the Internet store operated on the Company's website (www.vedikarrier.hu) (hereinafter: "Webshop")
2.9. Data erasure: making personal data unrecognizable in such a way that it is no longer possible to recover it.
2.10. Consent: a voluntary and explicit statement of the data subject's intention to process personal data, based on appropriate prior information and giving his or her unambiguous consent to the processing of personal data concerning him or her, in whole or in part.
2.11. Profiling: the automated processing of personal data in which the personal data of a natural person is linked to a specific person
used to evaluate, analyze, or predict characteristics (e.g., personal preferences, interests).
2.12. Objection: a statement made by the data subject in any form (for example, orally, in writing or by e-mail) objecting to the processing of his personal data by the Company and requesting the termination of the data processing or the deletion of the processed data.
The data processing carried out on the basis of this Prospectus is carried out in compliance with the provisions of Hungarian legislation and EU legislation that is mandatory in Hungary (eg the GDPR).
Legal references:
"Ek law"
On certain aspects of electronic commerce services and information society services
CVIII of 2001 on law
"Consumer law"
CLV of 1997 on consumer protection.
law
"Grt."
2008 on the basic conditions and certain restrictions of commercial advertising.
évi XLVIII. law
"GDPR"
THE EUROPEAN PARLIAMENT AND THE COUNCIL (EU)
REGULATION 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 placement
"Info law."
Act CXII of 2011 on the right to information self-determination and freedom of information.
law
"Posta law"
2012 on postal services CLIX. law
"Accounting law"
Act C of 2000 on Accounting
3. Purpose of data management
The purpose of Data Management is to ensure the provision of services available in the Web Store. The range of personal data required to use these services can be found in the description of the relevant services in the Web Store.
Data will be processed in particular for the following purposes:
- Registration and login;
- General data management relating to online ordering;
- Newsletter subscription and sending;
- Participation in a loyalty program;
- Complaint handling;
- Conducting sweepstakes (lotteries, voting);
- Use of a contact form;
- Use of cookies;
4. General provisions
Responsibility for the adequacy of the personal data provided
The Company does not verify the accuracy of the personal data provided to it. The person who provided the data is solely responsible for the accuracy of the information provided. When providing the e-mail address of any User, he / she is also responsible for ensuring that only he / she uses the service from the provided e-mail address. All responsibility for accessing a given e-mail address rests solely with the User who registered the e-mail address.
The Company also draws the attention of the Users to the fact that they contribute to the up-to-dateness of the data. For example, if the User has not indicated a change in the delivery address previously provided for an additional order and the ordered product is delivered to the wrong address, the User is responsible for any damage resulting from the incorrect delivery, including shipping costs.
It is possible to change the personal data after "Login" in the "Settings" menu or when placing an order in the Personal data menu. Requests for deletion of data can be made in the request sent from the e-mail address or telephone number included in the registration.
You can cancel sending newsletters using the link in the newsletters, using the form in the Customer Service menu, by contacting our customer service, or for registered Users in the "Settings" menu after "Login".
Once the request to delete or modify personal data has been fulfilled, the previous (deleted) data can no longer be recovered.
The Company also draws the attention of those who provide data to it to the effect that if they do not provide their own personal data (eg recipient's gift data other than the customer), the informant is obliged to provide the legal basis for the data (eg obtaining the data subject's consent). As long as there is no doubt as to eligibility, the Company will presume that
- a the User provides the data of a (third) person other than the User as the performance address, has the necessary legal basis (eg consent);
- if a (third) person other than the User applies for the personal receipt of the ordered product, the User has authorized this third party to receive the product.
The above does not affect the right of the Company to request appropriate proof of entitlement, as the case may be, to handle the personal data provided in the process in accordance with the data management rules related to the contract for the ordered product.
Management of personal data
The Company may not use the personal data provided for purposes other than those specified in the Prospectus.
Unless otherwise required by law or this Prospectus, the processing of personal data provided by the User will continue until the User unsubscribes from the service. The date of cancellation is as soon as possible after the receipt of the User's cancellation (cancellation request). Unless expressly excluded by law, in the event of illegal, misleading personal data or in the event of a crime or attack on the system committed by the User, the Company is entitled to delete the data immediately upon termination of the User's registration, but also personal data for the duration of the proceedings.
Unless otherwise provided by law or this Prospectus, the personal data provided by the User - even if the User does not unsubscribe from the service - may be processed by the Company as a data controller until the User explicitly requests the termination of their processing in writing.
In certain cases specified by law - the Company may, in the event of an official court or police request, legal proceedings due to copyright, property or other infringement or a reasonable suspicion thereof, harm the interests of the Company, endanger the provision of its services, etc. - in the case of - makes available to the authorized third parties the available data of the relevant User. The Company, as a data controller, is entitled and obliged to transfer all personal data at its disposal and duly stored by it to the competent authorities, which is obliged to transfer data by law or a final official decision. The Company cannot be held liable for such data transfer and the consequences thereof.
The Company handles the personal data in its possession in accordance with the relevant legislation - detailed in point 2 - and this Prospectus, and does not transfer them to third parties. With regard to data transfer, the exception to the provisions of this section is the use of data in a statistically aggregated form, which may not contain the name of the User concerned or other data suitable for identification in any form, as well as other data transfer cases specified in this Prospectus.
In all cases where the Company intends to use the provided personal data for a purpose other than the purpose of the original data collection, it shall inform the User thereof and obtain its prior express consent, or provide him or her with an opportunity to prohibit the use.
The Company shall take into account the state of science and technology and the costs of its implementation, as well as the nature, scope, circumstances and purposes of data processing and the varying probability and severity of risks to the rights and freedoms of natural persons. apply and implement appropriate technical and organizational measures for the effective implementation of data protection principles, such as data protection, on the one hand, and the integration into the data management process of the guarantees necessary to meet the requirements of the GDPR and to protect the rights of data subjects.
The Company shall protect the data by appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage, and becoming inaccessible due to changes in the technology used.
Data management for technological reasons
The Company's system may collect data on the activity of the Users, which cannot be linked to the personal data provided by the Users during registration, or to the data generated when using other websites or services.
The data that is automatically and technically recorded during the operation of the system will be stored in the system for a period of time justified from the point of view of ensuring the operation of the system. The Company ensures that this automatically recorded data cannot be linked to other users' personal data, except in cases required by law. If the User has terminated his / her consent to the processing of personal data or has unsubscribed from the service, his / her identity will not be identifiable thereafter.
Procedure in case of transferring the operation of the Web Store
If the Company transfers the operation or utilization of the services in the Webshop in part or in full to a third party, it may fully transfer the personal data managed by the Company to such third party for further processing without requesting special consent. This data transfer may only serve the continuity of the registration of already registered Users, however, it may not place the User in a more unfavorable position than the data management and data security rules indicated in the text of this Prospectus in force at any time. In the case of data transfer in accordance with this section, the Data Controller shall provide the Users with an opportunity to protest against the data transfer before the data transfer. In case of protest, it is not possible to transfer the data of the given User according to this point.
Cookies:
In order to serve personalized content, the Company places a small data package (so-called "cookie") on the User's computer. The purpose of the cookie is to ensure the highest possible level of performance of the given page in order to increase the user experience. The User can delete the cookie from his / her own computer or set his / her browser to disable the use of cookies.
In most browsers, the "Help" feature in the menu bar provides information about the browser
- how to disable cookies
- how to accept new cookies, or
- how to instruct your browser to set a new cookie, or
- how to turn off other cookies.
For more information on changing cookie settings, see the following links:
Google Chrome
Mozilla Firefox
Microsoft Edge
Microsoft Internet Explorer
Opera
Safari
By disabling the use of cookies, the User acknowledges that without a cookie the operation of the given page is not complete.
The Web Store uses information packets (cookies) created by the web server on the device used by the visitor, if the visitor consents to this at the beginning of the visit. These information packages collect information, memorize the visitor's custom settings, and prevent data loss, so
are used e.g. when using online shopping carts, and generally make it easier for visitors to use the Web Store.
If the Internet browser used by the user returns a previously saved information packet, the service provider handling it has the option to link the user's current visit with the previous ones.
Cookies classified as "essential" in the cookie information ("Cookie information") that appears in the pop-up window on the first visit to the Web Store may be placed on the device used for browsing without the User's consent, however, their settings may be changed as indicated above.
According to the Cookie Information, the Company will only place cookies classified in the "settings", "statistics" and "marketing" categories on the device used for browsing with the consent of the User. The User gives his consent on the first visit to the Web Store after learning and accepting the Cookie Information displayed in the pop-up window. The current version of the Cookie Information is the website
Available under "Cookie settings".
Both the information independent of the consent and the cookies related to the consent can be constantly updated in the Cookie Information, where the User has the opportunity to change the cookie settings under the "Settings" menu item.
5. Information on certain data processing
5.0. Registration and login
Use of the Company's online store is subject to registration.
The purpose of the mandatory data (name, e-mail address) to be recorded at registration is to ensure the provision of services available on the Company's website (eg creation of a wish list, participation in the Loyal Customer Program), display of personalized content and advertisements, statistics, IT system technical development, protection of the rights of the Users. The Data made available by the Users during the use of the service may be used by the Data Controller to form user groups and to display targeted content and / or advertisements to the user groups on the Company's websites.
Affected: all Users who wish to use the services available in the Webshop together with the benefits available through registration and login.
The purpose of data management is to record the User's data, grant access and keep in touch in order to facilitate the use of the service.
An additional purpose of data management when logging in is to identify the User, provide rights and discounts, verify the User, ensure the modification and deletion of data and simplify the ordering process.
Scope of data processed: a) mandatory: name and e-mail address, password; b) optional data: name day, birthday. If the User orders a product after registration, the system records the delivery and billing data, ie name and address, after the User's consent.
The legal basis for data processing is provided by Article 6 (1) (a) of the GDPR in accordance with TV. 13 / A. § (4).
Duration of data management: Until withdrawal of consent. The User may terminate his registered status at any time free of charge. If the User cancels his / her registration, his / her personal data related to the registered / logged-in status will be deleted without undue delay.
5.1. General data management related to online ordering
Affected: a User who uses the Company's online store and orders products in the Web Store after or at the same time as registration.
The purpose of data management: in connection with the ordering and purchase in the Webshop, the fulfillment of orders, the documentation of the purchase and payment, the issuance of the accounting document, the fulfillment of the accounting obligation.
The personal data provided in the Web Store for the purpose of purchase will be processed only for the purpose of concluding a contract with the User and fulfilling this contract. The legal basis for data management is set out in the Act. 13 / A (1) to (3) and Article 6 (1) (b) and (c) of the GDPR.
The User must provide personal information in order to purchase the selected product. Without personal data, the Company will not be able to process your order and a contract with the User will not be concluded.
Scope of managed data: order number, order date, time, name, address, telephone number, e-mail address, name of purchased / ordered products, quantity, purchase price, data of selected payment, billing and delivery method, last login IP address, last login time .
Duration of data management: The Company's personal data is stored by the Company only until the performance of the concluded contract, unless the Company requires the further storage of the User's data due to the provision of data to the authorities (eg tax authorities). Such mandatory data management is, for example, the safekeeping of issued invoices for a period specified by the Accounting Act (Section 169 (2) of the Accounting Act and Section 78 of Act CL of 2017 on the Taxation System) directly and indirectly supporting accounting accounting. accounting document shall be kept for 8 years or until the right to determine the tax expires, in the case of deferred tax, for five years from the last day of the calendar year of the due date of the deferred tax), a dispute related to the performance of the contract.
The legal basis for the storage and transmission of the User's personal data to the authorities pursuant to a legal obligation is provided for in Article 6 (1) (c) of the GDPR and by the Court of Auditors. TV. § 169 (2) and CL of 2017 on the order of taxation. Section 78 of Act no. 13 / A (1) - (2).
Delivery-related data management
If the User enters into a contract with the Company, the Company will forward the following data of the User to its logistics service providers in order for them to be able to deliver the products ordered by the User.
Affected: the User or any other consignee designated by the User to whom the Company delivers the ordered product to the designated place of performance.
Scope of data managed: recipient's name, address, e-mail address, telephone number, parcel number of the shipment, value of the parcel, details of the chosen method of payment and delivery, amount of cash on delivery to be collected, billing name and address; as well as additional information voluntarily provided to the Company in connection with the stay at the given address, as well as any other data included in the note attached to the order (eg a different name on the doorbell).
The purpose of data management: fulfillment of orders, documentation of purchases and payments, fulfillment of accounting obligations.
Legal basis for data processing: Article 6 (1) (b) GDPR; subject to the provisions of the Act. 13 / A (1) - (2).
Duration of data management: TV. Pursuant to Section 169 (2): 8 years.
Recipients of data transfer, data transfer: home delivery, in case of Foxpost delivery, the above data is transferred by the Company to the postal service provider / courier service / delivery company.
The legal basis for data transmission in the case of using a universal postal service provider (Magyar Posta Zrt.) Is Article 6 (1) of the GDPR. e) subject to Postatv. § 6 and § 18 (data management is necessary for the performance of the universal postal service as a task of public interest, for which Magyar Posta Zrt. Has been designated on the basis of § 6 and § 18 of the Postal Code), while the universal in case of using a postal service outside the scope of postal services (other service provider other than Magyar Posta Zrt.) Article 6 (1) f) of the GDPR (data transmission is necessary for the enforcement of the legitimate interests of the Company and the postal service provider, which is that without it the performance and justification of the contract would not be possible under the legal conditions for the performance of postal services).
If the courier service selected by the User is unable to deliver the ordered product within the deadline or in the quality expected from the Company due to reasons beyond the Company's scope of activity, the Company will hand over the package (s) to another supplier for timely delivery. and transmits the data processed in connection with the delivery, of which the User is informed by e-mail about the delivery, indicating the fact and reason for the change.
The services provided by the postal service providers / courier service are governed by their general business conditions and data management rules, which the User accepts by accepting this Prospectus.
Postal and logistics providers
In the case of the postal service used to forward the User's personal data to the place of performance, the postal service provider shall send the Postatv. (in the case of other logistics service providers, the Company's logistics service providers store it only until the delivery of the ordered products, unless the law requires the User's data to be due to data provision.
Reliable postal service providers:
Name of postal service provider
Headquarters of the postal service, contact details of the GTC
Data management performed by a postal service provider
activity
Magyar Posta Zrt.
1138 Budapest, Dunavirág street 2-6.
Parcel delivery
SPRINTER Courier Service Ltd.
1097 Budapest, Táblás utca 39.
Parcel delivery
GLS General Logistics Systems Hungary Kft.
2351 Alsónémedi, GLS Európa u. 2.
Parcel delivery
Foxpost Zrt.
3200 Gyöngyös, János Batsányi street 9.
Parcel delivery
Express One Hungary Kft.
1239 Budapest, Európa utca 12.
Parcel delivery
Cheetah-Team Courier Service Ltd.
1149 Budapest, Mogyoródi út 32.
Parcel delivery
Other possible logistics service provider / carrier (data processor):
Name of service provider
Service provider's registered office
Data management performed by a service provider activity
GHYCZY Kft.
1212 Budapest, Széchenyi street 41.
Parcel delivery
Data transmission for payment service providers
If the User enters into a contract with the Company and chooses online payment, for all online payment methods, the Payment Gateway service mediates between the web store and the service provider actually making the payment (SimplePay or PayPal). The Payment Gateway service is operated by BIGFISH Payment Services Kft. (Registered office: 1066 Budapest, Nyugati tér1-2 .; company registration number: 01-09-325828) as a data processor.
The legal basis for the transfer is Article 6 (1) (a) of the GDPR (consent of the data subject).
5.2. Subscribe to and send newsletters, send automatic system messages
Registered users can subscribe to the newsletter after logging in in the "Settings" menu, unregistered Users have the opportunity to register.
If the User is registered to send a newsletter, the personal data provided during registration for such purpose will be processed only for the purpose of sending the newsletter to the User's e-mail address if the User has given his / her consent to the data management. The newsletter has direct marketing elements and contains advertising. If the User changes the e-mail address provided during registration by logging in to his / her account, the Company will send the newsletters to the changed e-mail address.
Scope of managed data: e-mail address, name, consent to the direct marketing request, its date, topics arising from previous purchases, method of receipt used; analytical data related to the sending and delivery of messages (eg sending and opening, date and time of the link in the letter, reason for non-delivery).
The purpose of data management: sending e-mail newsletters containing commercial advertising to those interested, displaying marketing messages, informing about current information and promotions related to the Company's products and services, direct marketing inquiries, contacting, obtaining evaluations related to the purchased product, delivering the gift package for those who submit the best book reviews. The Company manages the data provided by the User during the use of the newsletter.
The legal basis for data processing is provided by Article 6 (1) (a) of the GDPR in accordance with TV. 13 / A. § (4) and Grt. Section 6 (1) (a).
Duration of data management: The personal data provided to the User for sending the newsletter will be stored by the Company only until he unsubscribes from the newsletter by clicking on the "unsubscribe" button or requests to be removed from the newsletter list by e-mail or post. In case of unsubscribing, the Company will not contact the User with further newsletters or offers. The User may unsubscribe from the newsletter free of charge at any time and withdraw his consent. Registered Users can unsubscribe from the newsletter at any time and free of charge by logging into their personal account - by unchecking the check box when subscribing to the newsletter. If the User unsubscribes, the personal data used for sending the newsletter will be deleted without undue delay. The Company greets registered Users with a one-time welcome email after registration, which also includes a marketing offer; due to the fact that the welcome e-mail is sent only once, it cannot be unsubscribed separately.
Paper-based newsletter requests and consents to their receipt are recorded by the Company's employees in their information systems and are subsequently handled by the Company through these information systems. Consents recorded on paper shall be canceled by the Company after the expiry of a period of 1 year after their recording in the information systems, or before that, if the data subject withdraws his or her consent to receive the newsletter.
During the operation of sending the newsletter, the Company requires from time to time contributors - data processors.
The authorized data processor:
Name of data processor
Data processing office
Performed by a data processor
data processing activity
Mailchimp, The Rocket Science Group, LLC.
675 Ponce de Leon Ave NE Suite 5000 Atlanta
Maileon emailing system operation
5.3. Complaints handling, warranty and guarantee claims handling
Affected: A User who makes a complaint or warranty or warranty claim related to one of the services / products provided by the Company in person, on the contact form available in the Customer Service menu of the birdbooks.hu website, by e-mail (info@birdbooks.hu) or in a store of the Company report to the Company.
Scope of data processed: order number, customer's name, address, e-mail address, telephone number, product name, purchase price, date of purchase and complaint notification, personal data voluntarily provided by the customer in the complaint description, complaint log and complaint signature of the complainant, personal data contained in the response to the complaint.
The purpose of data management: to handle complaints related to any of the services / products provided by the Company, to record and keep records during the handling of warranty and guarantee claims, and to issue and retain an acknowledgment of receipt for the repair or warranty claim return of the product to be avoided from the customer to the Company's warehouse, then re-delivery of the replaced / repaired product.
Legal basis for data processing: Article 6 (1) (c) GDPR; in accordance with Fgytv. 17 / A. § (3) - (5) and on the procedural rules for the handling of warranty and guarantee claims for things sold within the framework of a contract between a consumer and a business. (IV. 29.) NGM Decree with Section 4 (1) a) and (6) and Section 6 (1) a).
Duration of data management: Fgytv. 17 / A. § (7) from the date of the recording of the minutes, and 19/2014. (IV. 29.) of the NGM Decree, the retention period prescribed for the protocols of a consumer protection complaint is three years from the date of the record.
Recipient of data transfer: Magyar Posta Zrt. Returns the product covered by the warranty / guarantee claim to the Service Provider and delivers the repaired / replaced product to the customer
The legal basis for the transfer is Article 6 (1) of the GDPR. e) subject to Postatv. § 6 and § 18 (data management is necessary for the performance of the universal postal service as a task of public interest, for which Magyar Posta Zrt. Has been designated on the basis of § 6 and § 18 of the Postal Code).
5.4. Sweepstakes (raffles, votes)
The rules of data management of prize games, campaigns organized jointly with third parties, and other ad hoc data management are determined individually by the Company in connection with the given event in accordance with the characteristics of the events concerned.
5.5. Use a contact form
If you would like to contact our Company, you can do so using the forms in the Contact menu on our Website. In order to respond to the contact form, it is necessary to provide personal data (name, e-mail address).
By using the form, the User may request general information about the services provided by the Webshop, and may make statements related to the use of the Webshop and the Company's newsletters related to the ordered product.
Affected: the User who fills in the form.
In the case of general information, the purpose of data management is to provide information related to the Company's services.
The legal basis for data management - in the case of a buyer or a prospective buyer, as the case may be - is set out in the Act 13 / A. § (1) and (7) of the GDPR Article 6 (1) (b), in other cases Article 6 (a) of the GDPR.
Duration of data management (storage time of personal data provided in the form):
- in case of a one-time information exchange, the Company deletes the data immediately;
- if the request is related to the conclusion of a contract for a service provided by the Company or to its preparation, the duration of the data management shall be in accordance with the provisions of the Act. 13 / A. § (1) and (7), subject to Article 6 (1) (b) of the GDPR;
- in the case of a consumer complaint: five years from the recording of the complaint report (Section 17 / A (7) of the Consumer Protection Act).
In other cases, the handling of the provided data is subject to the regulations related to the given item (product order, newsletter, loyalty program, etc.).
6. The persons entitled to access the data
Employees, performance assistants and contributors of the Company, including, in particular, data processors, are entitled to access the personal data provided; experts or all those specifically named in this Prospectus.
7. Data processors, data transmission
The Company may use data processors to ensure the continuous and proper operation of the Webshop, to fulfill orders and to perform other activities closely related to the provision of Webshop services.
In order to check the lawfulness of the data transfer and to inform the data subject, the Company keeps a data transfer register, which contains the date of transfer of personal data processed by it, the legal basis and recipient of the transfer, determination of the scope of transferred personal data and other data specified by law.
7.1. Name of the data processors used by the Company:
Company name
Headquarters
Activity
7.2. Possibility of data transfer
In addition to what is specified in this Prospectus, certain personal data of the Users may be transferred for a specific purpose, with the express and unambiguous consent of the User, as follows:
If the User chooses online credit card payment during the order, the Company will provide the full name, e-mail address, IP address, account details, type of the ordered product, address, full name and address provided in connection with the delivery ( country code, country, city, address [e.g. country code, country, city, address (eg name, type, house number, floor, door, topographical number, other additional address data], postal code), e-mail address and telephone number are transmitted via the Payment Gateway
PayPal (Europe) S.à.r.l., which operates PayPal, for the purpose of settling the purchase price. et Cie, S.C.A. (registered office: 22-24 Boulevard Royal L-2449, Luxembourg), respectively
OTP Mobil Kft., operating the SimplePay application (registered office: 1093 Budapest, Közraktár u. 30-32., tax number: 24386106-2-43, company registration number: 01-09-174466), for the purpose of settling the purchase price and handling complaints related to online bank card payments. ) for.
The transmitted personal data can be obtained from OTP Mobil Kft. And PayPal (Europe) S.à.r.l. et Cie,
S.C.A. also handles it in accordance with its own data management information. The data management information of OTP Mobil Kft. Is https://simplepay.hu/adatkezelesi-tajekoztatok, while PayPal (Europe) S.à.r.l. et Cie, S.C.A. data management information is available at https://www.paypal.com/en/webapps/mpp/ua/privacy-full?locale.x=en_US#PayPal.
8. Rights and enforcement of data subjects
Regarding the handling of their personal data, the Users, as data subjects, may send the Company as a data controller in writing at any time by registered mail to the address of the Company (Szarka Dóra ev, 1037 Budapest, Laborc u. 4.) or to info@vedikarrier.hu can be requested by e-mail
- information on the handling of their personal data (right of access),
- correction or deletion of their personal data,
- transferring their personal data to another data controller,
- restrictions on data management, and
- may object to the processing,
- may initiate the exclusion of them from the scope of automated decision-making,
- they may withdraw their consent to the processing.
Within five years after the death of the User, the right of access, rectification, deletion, restriction and protest may be exercised by a proxy designated by the User in his lifetime. The statement on the appointment of a proxy must be submitted by the User to the Company. In the absence of a proxy, the right of rectification and protest, as well as - if the data processing was already illegal in the User's life or the purpose of data processing ceased upon the User's death - the right of cancellation and restriction by the User's close relative - and foster child, adoptive parent, stepfather and foster parent, and sibling). The Company invites the proxy or close relative wishing to exercise the rights of the deceased User to prove his / her identity and the death and date of death of the User. Only a death certificate or a court decision establishing the fact of death may be accepted to prove the fact and date of death: in the absence of these, the Company will not comply with the application of the authorized person or a close relative.
The Company considers a request for information sent in a letter to be authentic or lawful if the User can be clearly identified on the basis of the sent request.
A request for information sent by e-mail is considered authentic by the Company only if it is sent from the User's registered e-mail address.
If there is any doubt as to the right of the person requesting the information, the Company may request the person requesting the information to prove his / her identity. To verify eligibility, the Company will ask the person requesting information to provide one or two of the following identifiers per case type:
in connection with registration, order: registered telephone number, order ID (including the ID of the interrupted order), user ID, order data (eg receipt method, delivery address, recipient's telephone number, product name, etc.), registered e-mail address;
Personal data used for identification will only be used for the purpose of identification and for the duration of the identification.
Right of access
The right of access does not mean the possibility of direct access to the data or the physical or IT systems storing them, but the fact that, at the request of the User, the Company provides him with information on whether he handles his personal data; if yes,
for what purpose does it handle the data,
to whom you forward them,
how long you store the data (if the storage time cannot be determined in advance, the criteria for determining the storage time),
the source of the data (if not collected directly from the employee), whether automated decision-making (including profiling) takes place, what its logic is, and how important automated decision-making is and what the expected consequences are for the User act
whether the data are transferred to a third country (Member States of the European Union and countries outside the Member States of the European Economic Area [Iceland, Norway and Liechtenstein]) or to an international organization; if so, under what guarantees.
The Company may refuse to inform the User only in the cases specified in the GDPR and the Infotv. You may justify a refusal to provide information,
if the User's rights (information, rectification, deletion) specified in this chapter for the external and internal security of the state (eg national defense, national security, prevention or prosecution of criminal offenses, security of penitentiary) and in the economic or financial interest of the state or local government , in order to prevent and detect breaches of labor law and occupational safety and health (including in all cases control and supervision) and to protect the rights of the User or others in the interests of the European Union or the economic or financial interests of the European Union. limits as well
if the person submitting the request for information is a person other than the User and does not prove his / her right to submit the request.
In the event of a refusal to provide information, the Company shall notify the User in writing of the grounds on which the information was refused.
The Company shall provide the requested information in writing within the shortest time from the submission of the request, but no later than within one month, at the express request of the User.
The Company shall make a copy of the processed data available to the data subject for the first time free of charge, thereafter against payment of the costs associated with making the copy.
Correction and deletion of personal data
If the personal data does not correspond to reality and the personal data corresponding to reality is available to the Company, the personal data will be corrected by the Company; in other cases, the correction may be made at the request of the User, after the correct data has been provided.
Personal data must be deleted
- if personal data are no longer required for the purpose for which they were collected or otherwise processed,
- the User has withdrawn his consent to data management,
- the User objects to data processing based on a legitimate interest as a legal basis for data management and there is no priority legitimate reason for data processing, or the User objects to data processing for direct business purposes,
- the data is processed in an illegal, unlawful manner,
- personal data must be deleted in order to fulfill the legal obligation applicable to the Company under the law of the European Union or Hungary,
- it has been ordered by a court or supervisory authority.
If the Company has disclosed personal data and is obliged to delete it, taking into account the available technology and the costs of implementation, it shall take reasonable steps to inform the other data controllers that the User has requested links to such personal data or deletion of a copy or duplicate of such personal data.
The Company will flag the personal data it manages if the User disputes its correctness or accuracy, but the inaccuracy or inaccuracy of the disputed personal data cannot be clearly established.
The Company will notify the User of the rectification and deletion, as well as all those to whom the data has previously been transmitted for data management purposes. The notification may be omitted if it does not infringe the legitimate interest of the User with regard to the purpose of data management.
The right to data portability
The User may initiate the provision of personal data concerning the Company in a structured, widely used, (computer) readable format (eg excel file), and the Company is entitled to transfer this data directly to another data controller, provided that
data management is automated and
the data management is based on the User's consent or a contract
in which the User is required to take steps at the request of one of the parties or the User prior to concluding the data management contract.
Right to restrict data processing
The Company restricts the processing of the User's personal data with regard to the method or duration of data processing in the event of any of the following cases:
the User disputes the accuracy of his / her personal data, in which case the restriction applies to the period of time that allows the Company to check the accuracy of the personal data,
in case of illegality of the data management, instead of deleting the User's data, it requests only the restriction of their use in time or in time,
the Company no longer needs the personal data, however, the User requests the provision of legal claims from the Company in order to submit and validate legal claims,
the User has objected to the processing of data based on the legitimate interests of the Company or a third party; in this case, the restriction shall apply for the period until it is determined whether the legitimate interest underlying the data processing takes precedence over the legitimate reasons of the User.
In case of restriction of data processing, personal data may be processed in addition to storage only with the consent of the User, or for the submission and enforcement of legal claims, or for the protection of the rights of other natural or legal persons, or in the important public interest of the European Union or Hungary.
The Company shall inform the party initiating the restriction before lifting the restriction. Protest against the processing of personal data
The User may object to the processing of his personal data,
if the processing or transfer of personal data is necessary only for the enforcement of a legitimate interest of the Company or a third party (in each case)
the legal bases of data processing are explained in detail under point 5), unless the data processing is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the User, or if the processing of personal data is necessary for legal claims,
if the use or transfer of personal data is for direct business acquisition (direct marketing).
The Company shall examine the protest within the shortest time from the submission of the application, but not later than within 30 days, make a decision on the merits of the application and inform the applicant of its decision in writing.
If the Company finds the User's objection to be well-founded, it shall terminate the data processing, including further data collection and data transmission, and notify all persons to whom the personal data affected by the objection has been previously transmitted and who are also obliged to take action. in order to enforce the right to protest.
If the User does not agree with the decision of the Company, or if the Company does not examine the application within 30 days, the User - within 30 days from the announcement of the decision or the last day of the deadline - before the court of his domicile or residence may file a lawsuit against the Company.
Stakeholder rights related to automated decision making
Chapter 5 of the prospectus provides information on whether, if so, in which cases the Company applies decision-making without human intervention. If this happens, the following applies to the automated decision.
The User may initiate with the Company not to be covered by a decision based solely on automated data management (including profiling) that would have a legal effect on or would significantly affect him, unless the automated decision necessary for the conclusion or performance of the contract between the User and the Company,
EU or Member State law applicable to the Company, which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the User, is based on the User's express consent with the prior knowledge
by providing that in the case of points 1) and 3) the Company provides the User with the possibility to object to the decision and to initiate human intervention (for example, a subsequent review of the result of the automated decision).
In the case of the User's special data, the Company applies automated decision-making only with the express consent of the User or when the data processing is necessary due to a significant public interest or is required by EU law or Hungarian law.
Right to withdraw consent
If the processing of personal data, including special data, is based on the User's consent, the User shall contact the Company.
(Szarka Dóra ev, 1037 Budapest, Laborc u.) may withdraw its consent to data processing at any time by registered or registered letter with acknowledgment of receipt or by e-mail to info@vedikarrier.hu, as a result of which the Company will no longer process personal information. Withdrawal of consent shall not affect the lawfulness of consent-based data processing initiated before withdrawal.
The Company shall, without undue delay, but no later than within 30 days of receipt of the request, inform the data subject of the action taken on its request for access, rectification, erasure, restriction, data transfer, protest, automated decision-making. Taking into account the complexity of the application and the number of applications, the deadline may be extended by another two months, of which the Company shall inform the data subject within 30 days of receipt of the application, indicating the reasons for the delay. If the data subject has submitted the application electronically, the information shall, if possible, be provided by the Company electronically, unless the data subject requests otherwise.
In case of reasonable doubt as to the quality of the applicant, the Company is entitled to call on the applicant to prove his / her identity. Only personal data known to the Company may be requested to prove identity. In its reply, the Company will explain in detail the factual and legal reasons for rejecting the application.
The Company may charge a reasonable fee or refuse to provide the information and / or take the action detailed in this Section 8 only if the request is clearly unfounded or, in particular, excessive due to its repetitive nature.
If the User does not agree with the decision of the Company, he / she can apply to a court: he / she can decide whether according to his / her place of residence (permanent address) or place of residence (temporary address).
court (list of courts: https://birosag.hu/torvenyszekek).
The court of your place of residence or stay can be contacted at https://birosag.hu/ugyfelkonnectati-portal/birosag-kereso.
If the User violates the way the Company handles his data, we recommend that he contact the Company first. Your inquiry will be carefully investigated in each case.
If the User is dissatisfied with the result of the complaint investigation, he / she can submit his / her comments to the National Data Protection and Freedom of Information Authority at the following contact details:
Head office: 1125 Budapest, Szilágyi Erzsébet avenue 22 / c, Mailing address: 1530 Budapest, Pf. 5.
E-mail: ugyfelszolgalat@naih.hu
9. Entry into force and amendment of the Data Management Information
This Prospectus shall enter into force on November 20, 2019. The Company provides information on (ad hoc) data management not listed in this Prospectus upon data collection.
The Company reserves the right to amend this Privacy Notice at any time by unilateral decision. After the amendment of the Data Management Information, all Users must be informed in an appropriate manner (in a newsletter, in the pop-up window on the first login after the amendment enters into force). By continuing to use the service, the Users acknowledge the changed data management rules, in addition, it is not necessary to seek their consent.