Privacy Policy for website visitors, registered users and business partners

Galvanize Nutrition Ltd.

https://puregoldprotein.com/hu

1. INTRODUCTION

Galvanize Nutrition Kft. (registered office: 1145 Budapest, Columbus u. 27-29/b; place of business: 2120 Dunakeszi, Pallag u. 25/B; company registration number: 01-09305771), hereinafter referred to as the "Data Controller", acknowledges the contents of this legal notice as binding upon it. It undertakes to ensure that any processing of data relating to its activities complies with the requirements set out in this Notice and in the applicable national legislation and European Union acts.

As stated above, the service provider intends to fully comply with the legal requirements for the processing of personal data, in particular with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as "GDPR").

In the course of operating the website, the Data Controller processes the data of the persons registered on the site in order to provide them with an appropriate service.

The Data Controller reserves the right to make changes to this notice without restriction. The Data Controller will notify the data subjects of any changes in due time (https://puregoldprotein.com/hu).

If you have any questions about the contents of this Notice, please contact us using one of our official contact details and one of our dedicated staff will answer your question (see designated contact).

Galvanize Nutrition Ltd., as a data controller, is committed to protecting the personal data of its customers, while complying with its legal obligations, and attaches great importance to respecting the right of informational self-determination of its customers. The Data Controller handles personal data confidentially and takes all security, information technology and organisational measures to ensure the security, confidentiality, integrity and availability of the data.

This Privacy Notice has been prepared pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of personal data of natural persons and on the free movement of such data, subject to the provisions of Act CXII of 2011 on the Right to Information Self-Determination and Freedom of Information.

Please note that we can only process your personal data in accordance with the provisions of the GDPR if you, as a natural person, are aware of your civil and criminal liability and provide us, as Data Controller, with only your real personal data. Providing inaccurate, incorrect or fictitious personal data will prevent us from providing our services to you and will be contrary to our legal obligations.

2. Data Controller's data

Name / company name: Galvanize Nutrition Ltd.

Seat: 1145 Budapest, Columbus u. 27-29/b

Location: 2120 Dunakeszi, Pallag u. 25/B.

Company registration number: 01-09-305771

Website name, address: https://puregoldprotein.com/hu

Contact details of the privacy notice: https://puregoldprotein.com/hu

3. Contact details of the Data Controller

Name / company name: László Garai / Galvanize Nutrition Kft.

Mailing Address: 1145 Budapest, Columbus u. 27-29/b

E-mail: info@puregoldprotein.com/hu

Telephone: +36301310453

4. Definitions

- the GDPR (General Data Protection Regulation) is the European Union's General Data Protection Regulation;

- Processing: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

- processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;

- personal data: any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

- controller: the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the controller's designation may also be determined by Union or Member State law;

- data subject's consent: a voluntary, specific, informed and unambiguous indication of the data subject's wishes by which he or she signifies his or her agreement to the processing of personal data concerning him or her by means of a statement or an unambiguous act of affirmation;

- data breach: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

- recipient: the natural or legal person, public authority, agency or any other body, whether or not a third party, to whom or with whom the personal data are disclosed. Public authorities that may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;

- third party: a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data.

5. THE SCOPE OF THE PERSONAL DATA, THE PURPOSES AND DURATION

The data processing of the Data Controller's activities is based on voluntary consent or on legal authorisation. In the case of processing based on voluntary consent, data subjects may withdraw their consent at any stage of the processing. In certain cases, the processing, storage and transmission of some of the data provided may be required by law. The principles of this Privacy Notice are in accordance with the applicable data protection and related legislation, in particular the following:

• Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Infotv.)

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR);

• Act V of 2013 on the Civil Code (Civil Code);

• Act C of 2000 on Accounting (Accounting Act);

• Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing (AML/CFT)

• 19/2017 (VII. 19.) MNB Decree on the detailed rules for the development and operation of a screening system for service providers supervised by the MNB and the implementation of the Act on the implementation of financial and property restrictive measures ordered by the European Union and the United Nations Security Council

• Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (Eker.)

• Act C of 2003 on Electronic Communications (Eht.)

• Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising (Act XLVIII of 2008).

5.1. DATA MANAGEMENT

Purpose of data processing

Legal basis for processing (where the legal basis for processing in this Notice includes the following terms, the following legal provisions are used):

• voluntary consent of the data subject (Article 6(1)(a) GDPR)

• performance of a contractual obligation (Article 6(1)(b) GDPR)

• fulfil a legal obligation (Article 6(1)(c) GDPR)

• legitimate interests of the controller or a third party (Article 6(1)(f) GDPR)

Scope of the data processed:

• for natural persons: name, address, telephone number, e-mail address

• for legal persons/companies: name, registered office, tax number, postal address, telephone number, e-mail address

The time limit for data retention:

• in the case of a contractual obligation, for the duration of the contract;

• until the data subject's voluntary consent is withdrawn;

• Retention of accounting data as defined in the Accounting Act (8 years)

Data controller tasks:

Name: Galvanize Nutrition Ltd.

Headquarters: 1145 Budapest, Columbus u. 27-29/b

Data management task: see further subsections in chapter 5.1.

Data processing tasks (name; headquarters; data processing task):

• Vodafone Hungary Zrt.; 1112 Budapest, Boldizsár utca 2.; internet service (Budapest)

• Invitech ICT Services Kft.; 1013 Budapest, Krisztina krt. 39.; internet service (Dunakeszi)

• ACE Telekom Ltd.; 1037. Budapest, Zay út 3; internet service (Dunakeszi)

• OTP Simple Pay (https://simplepay.hu/wpcontent/uploads/2021/01/OTPM_kereskedoi_kapcsolattartoi_adatkezeles_hun_20210114.pdf); 1143 Budapest, Hungária krt. 17-19.; electronic payment service

• Stripe (https://stripe.com/en-hu/privacy); https://stripe.com/en-hu; electronic payment service

• Amazon (https://www.amazon.com/gp/help/customer/display.html?nodeId=GX7NJQ4ZB8MHFRNJ); https://www.amazon.com/; external hosting provider

• IT operations legal advice

• Béradmin Ltd.; 1222 Budapest, Mész u. 6.; accounting

• DPD Hungária Kft.; 1134 Budapest, Váci út 33. 2. floor.; mail and parcel delivery

• The Rocket Science Group LLC, Mailchimp; 675 Ponce De Leon Ave NE Ste 5000, Atlanta, GA, 30308-2172; Newsletters

• Tawk.to chat and messaging app; https://www.tawk.to; chat and messaging, customer support

• Matomo web analytics application; https://matomo.org/; analysis of website visits and shopping habits, statistical data

• Stape server-side tracking application; https://stape.io/; server-side tracking

Possible consequences of not providing data:

Possible consequences of not providing data to the data subject upon request: under the EU General Data Protection Regulation (GDPR), the data subject may lodge a complaint with the supervisory authority, which may establish the failure to act in the framework of an administrative procedure and impose a fine on the offending/defaulting controller.

5.1.1. Registration on the website

On the company's website, the visitor/contacted person has the possibility to register. By filling in the form, the visitor provides the personal data required for contacting the company. However, the data can only be actually recorded if the data subject accepts the company's Privacy Policy and confirms this by ticking a checkbox. The completion of the above operation is a necessary element of the finalisation of the registration. Without this, the registration will not be successful.

The purpose of data processing is to provide additional services (complaints and grievances) and to contact you.

The legal basis for registration data processing is your consent.

The data subjects are the registered users of the website.

Duration of processing: processing will continue until consent is withdrawn. You may withdraw your consent to data processing at any time by sending an e-mail to the contact e-mail address.

The controller and processors have the right to access the data.

The data protection obligations applicable to natural or legal persons or unincorporated organisations carrying out data processing activities on behalf of the company are set out in the contract of engagement with the data processor.

Data storage method: electronic.

You may request the modification or deletion of your personal data by sending an e-mail or letter to the contact details provided above.

The provision of personal data is strictly necessary for identification in databases and contact purposes. The exact name/company name and address are required for billing purposes, which is a legal obligation.

Scope of data processed: Specific purposes of the processing of data

Name: Identification, contact, billing.

Address: Identification, contact, billing.

E-mail: Identification, contact.

Phone: Identification, contact.

User name: Identification, contact.

Date of registration: Technical information operation.

IP address + clientside technical fingerprint: Technical information operation.

The user can give his/her consent to data processing by voluntarily ticking the blank checkbox on the website.

As a data subject, you have the right to object to the processing of your personal data, in accordance with the procedure set out in the processing information detailed above and in this notice and the legislation described in this notice.

5.1.2. Placing an order on the website, online shopping

After registering on the website, the visitor has the possibility to initiate an online purchase (order pick-up) and to carry out an online purchase in the online shop.

The enabling of online purchases and sales on the website operated by the Data Controller and the performance of the contract under the GTC published on the website is based on Article 13/A of Act CVIII of 2001 on certain issues of electronic commerce services and information society services.

The purpose of the processing is to provide additional services and to contact you.

Legal basis for registration data processing: performance of a contractual obligation

The data subjects are the registered users of the website.

Duration of data processing: data processing lasts until the contractual obligation is fulfilled.

The controller and processors have the right to access the data.

The data protection obligations applicable to natural or legal persons or unincorporated organisations carrying out data processing activities on behalf of the company are set out in the contract of engagement with the data processor.

Data storage method: electronic.

Amendments or corrections to personal data can be initiated by e-mail or by letter using the contact details provided above.

The provision of personal data is strictly necessary for identification in databases and contact purposes. The exact name/company name and address is required for delivery and invoicing, which is a legal obligation.

Scope of data processed: Specific purposes of the processing of data

Name: Identification, contact, billing.

Address: Identification, contact, billing.

E-mail: Identification, contact.

Phone: Identification, contact.

User name: Identification, contact.

Online purchase date: Technical information operation.

Order number: Technical information operation.

Package information: Technical information operation.

IP address + clientside technical fingerprint: Technical information operation.

As a data subject, you have the right to object to the processing of your personal data, in accordance with the procedure set out in the processing information detailed above and in this notice and the legislation described in this notice.

5.1.3. Delivery of the product

Purpose of the processing is to issue a delivery address and order delivery

Legal basis for processing: performance of a contractual obligation

The data subjects are the registered customers of the service provider.

Duration of processing: processing is based on a legal requirement.

Persons entitled to access the data: the controller and processors

The data protection obligations applicable to natural or legal persons or unincorporated organisations carrying out data processing activities on behalf of the company are set out in the contract of engagement with the data processor.

Data storage method: electronic.

Changes or corrections to your shipping details can be initiated by e-mail or letter using the contact details provided above.

Scope of data processed: Specific purposes of the processing of data

Name: Identification, contact, billing.

Address: Identification, contact, billing.

E-mail: Identification, contact.

Phone: Identification, contact.

Delivery data: Identification of the transport

Delivery date: Technical information operation

The user can give his/her consent to data processing by voluntarily ticking the empty checkbox on the website.

The data subject may object to the processing of his or her personal data, in which respect he or she has the right to the procedure set out in the processing information detailed above and in this notice and the legislation described in this notice.

5.1.3. Setting up an account

The purpose of the processing is to issue and send an electronic invoice as an e-mail attachment.

The legal basis for processing is mandatory processing based on law.

The data subjects are the registered customers of the service provider.

Duration of processing: processing is based on a legal requirement.

Persons entitled to access the data: the controller and processors

The data protection obligations applicable to natural or legal persons or unincorporated organisations carrying out data processing activities on behalf of the company are set out in the contract of engagement with the data processor.

Data storage method: electronic.

Changes or corrections to invoice details can be initiated by e-mail or letter using the contact details provided above.

Scope of data processed: Specific purposes of the processing of data

Name: Identification, contact, billing.

Address: Identification, contact, billing.

E-mail: Identification, contact.

Phone: Identification, contact.

Account details: Identification of the account

Invoice issue date: Technical information operation

The data subject may object to the processing of his or her personal data, in which respect he or she has the right to the procedure set out in the processing information detailed above and in this notice and the legislation described in this notice.

5.1.4. Sending a newsletter

As the operator of this website, we declare that the information and descriptions published by us fully comply with the relevant legal provisions. We also declare that when subscribing to a newsletter, we are not in a position to verify the authenticity of the contact details or to establish whether the details provided relate to an individual or a company. Companies that contact us will be treated as a customer partner.

The purpose of data processing is to send you professional brochures, electronic messages containing advertising, information and newsletters, from which you can unsubscribe at any time without any consequences.

The legal basis for processing is your consent. Please be informed that the user may give his/her prior and explicit consent to be contacted by the service provider with promotional offers, information and other mailings to the e-mail address provided at the time of registration. As a consequence, the user may consent to the processing of the necessary personal data by the service provider for this purpose.

Please note that if you wish to receive a newsletter from us, you must provide the necessary information. If you do not provide this information, we will not be able to send you a newsletter.

Duration of processing: processing will continue until consent is withdrawn. You may withdraw your consent to the processing at any time by sending an e-mail to the contact e-mail address.

The data will be deleted when consent to data processing is withdrawn. You can withdraw your consent to data processing at any time by sending an e-mail to the contact e-mail address.

You can also withdraw your consent by following the link in the newsletters sent to you.

The controller and processors have the right to access the data.

The data protection obligations applicable to natural or legal persons or unincorporated organisations carrying out data processing activities on behalf of the company are set out in the contract of engagement with the data processor.

Data storage method: electronic.

Changes, corrections or deletion of data can be initiated by e-mail or by letter using the contact details provided above.

Scope of data processed: Specific purposes of the processing of data

Name: Identification, contact, billing.

E-mail: Identification, contact.

Date of subscription: Technical information operation.

IP address + Client-side technical fingerprint: Technical information operation

Please note that neither the username nor the e-mail address need to contain any personally identifiable information. For example, it is not necessary for the username or e-mail address to contain your name. You are entirely free to choose whether or not to provide a username or e-mail address that contains information that identifies you. The email address, which is used to contact you, is absolutely necessary to ensure that any newsletter or professional information sent to you is received.

5.1.5. Cookies

Cookies are placed on the user's computer by the websites visited and contain information such as the page settings or login status.

Cookies are therefore small files created by the websites you visit. They improve the user experience by saving browsing data. Cookies help the website to remember your website settings and offer you locally relevant content.

A small file (cookie) is sent by the provider's website to the website visitors' computer in order to establish the fact and time of the visit. The provider informs the website visitor of this.

Data subjects concerned: visitors to the website

Purpose of data processing: additional services, identification, tracking of visitors.

Legal basis for data processing: consent of the user

Scope of the data: unique ID number, date, time, configuration data

The user has the option to delete cookies from browsers at any time by going to the Settings menu.

Persons entitled to access the data: the controller and processors

The data protection obligations applicable to natural or legal persons or unincorporated organisations carrying out data processing activities on behalf of the company are set out in the contract of engagement with the data processor.

Data storage method: electronic.

5.1.6. Website traffic analysis, statistical data reporting

The company operates the Matomo Analytics application on its website to analyse website traffic data. However, the software does not process any personal data in accordance with the applicable data protection regulations, but it does record data about visits. The company receives automatically generated information about visitors to its website.

As IP addresses are considered relative personal data under the current Data Protection Regulation, the National Authority for Data Protection and Freedom of Information and internationally accepted practice, the company protects all technical information obtained in the course of the processing of the website with the protection afforded to personal data under this policy.

Matomo Analytics uses internal cookies to compile reports for its customers on the habits of website users.

On behalf of the website operator, Matomo uses the information to evaluate how users use the website. As an additional service, it generates reports on website activity for the website operator so that it can provide additional services.

Data subjects concerned: visitors to the website

Purpose of data processing: to study website visiting habits

Legal basis for processing: the user's consent

Data: the Internet Protocol (IP) address of the visitor, the time of the visit to the website, the pages viewed, the name of the browser program used

Persons entitled to access the data: the controller and processors

The data protection obligations applicable to natural or legal persons or unincorporated organisations carrying out data processing activities on behalf of the company are set out in the contract of engagement with the data processor.

Data storage method: electronic.

Scope of data processed: Specific purposes of the processing of data

IP address: Technical information operation

the date of your visit to the website: Technical information operation

details of pages viewed: Technical information operation

details of the browser program used: Technical information operation

5.1.7. Provision of electronic payment services

The nature and purpose of the data processing activities carried out by the processor can be found in the Data Processing Notice of {the electronic payment service provider}, at the following link: https://simplepay.hu/adatkezelesi-tajekoztatok/

The User acknowledges that if he/she chooses the payment method provided by the Service Provider on any website {the electronic payment service provider}, the following personal data stored by the Service Provider in its user database will be transferred to Simple Pay Kft. as a data processor.

The data transmitted by the data controller are the following: name, e-mail address, telephone number, billing name, billing address

5.1.8. Community sites

The company will also allow visitors to participate on social networking sites to promote the service and to connect effectively.

The scope of the data processed: the name of the registered user on Facebook/Youtube/Instagram/TikTok etc. social networking sites, as well as the user's public profile picture.

Data subjects: all data subjects who have registered on Facebook/Youtube/Instagram/TikTok etc. and have "liked" the website.

Purpose of the data collection: to share or "like" certain content, products, promotions or the website itself on social networking sites.

We process data subjects' data in the course of our activities as a data processor. The tasks of data controller and the rights and obligations related to data processing are exercised by the operators of social networking sites.

Description of the data subjects' rights in relation to data processing: the data subject can find out about the source of the data, the processing of the data and the method and legal basis of the transfer on the relevant Community site (duration of processing, deadline for deletion of data, the identity of the potential controllers who are entitled to access the data and the data subjects' rights in relation to data processing)

The processing of data takes place on social networking sites, so the duration of the processing, the method of processing and the possibility to delete and modify the data are governed by the rules of the social networking site concerned.

Legal basis for processing: the data subject's voluntary consent to the processing of his or her personal data on social networking sites.

5.1.9. "Cart abandonment" message

The purpose of the processing is for the Data Controller to notify you of a purchase that has been started but not completed. In other words, that you have placed the product ordered via the website in your shopping cart but have not completed the purchase process.

The legal basis for processing is the legitimate interest of the Data Controller

The data subjects are the registered customers of the service provider.

Duration of processing: the Data Controller processes the personal data on the basis of its legitimate interest for a period of 1 year from the date of placing the product in the shopping cart.

Persons entitled to access the data: the controller and processors

The data protection obligations applicable to natural or legal persons or unincorporated organisations carrying out data processing activities on behalf of the company are set out in the contract of engagement with the data processor.

Data storage method: electronic.

Scope of data processed: Specific purposes of the processing of data

E-mail: Identification, contact.

Cookies: Identification, contact.

The data subject may object to the processing of his or her personal data, in which respect he or she has the right to the procedure set out in the processing information detailed above and in this notice and the legislation described in this notice.

5.1.10. Ad hoc promotions

From time to time, the Data Controller may organise ad hoc promotions, which may include the processing of personal data.

The purpose of the Data Processing is to promote the products and services of the Data Controller.

The legal basis for processing is the data subject's consent

The data subjects are the customers participating in the promotion.

Duration of processing: the Data Controller processes personal data on the basis of consent as a legal basis until the purpose of the processing is fulfilled (end of the promotion) or until the date of withdrawal of the data subject's consent.

Persons entitled to access the data: the controller and processors

The data protection obligations applicable to natural or legal persons or unincorporated organisations carrying out data processing activities on behalf of the company are set out in the contract of engagement with the data processor.

Data storage method: electronic.

Scope of data processed: Specific purposes of the processing of data

Name: Identification, contact, billing.

E-mail: Identification, contact.

Phone: Identification, contact.

Picture/photo: Identification

The scope of the data required to be provided during the promotion varies from case to case, usually name, email address, picture, the personal data processed in the specific promotion can be found on the promotion's website, where the data subject can find out which personal data he/she is required to provide.

The user can give his/her consent to data processing by voluntarily ticking the empty checkbox on the website.

The data subject may object to the processing of his or her personal data, in which respect he or she has the right to the procedure set out in the processing information detailed above and in this notice and the legislation described in this notice.

5.1.11. Images and videos published on websites and social media

The purpose of the Data Management is to promote the products and services of the Data Controller and to raise awareness of the benefits of a conscious and balanced diet. In this context, photographs and videos taken by or sent to the Data Controller may be published on its website or social media platforms. This includes in particular: before and after pictures, pictures and videos taken during interviews with passers-by.

The legal basis for the processing is the consent of the data subject, which can be given by filling in the relevant declaration or by ticking a checkbox.

Data subjects concerned: participating customers.

Duration of processing: the Data Controller processes personal data until the purpose of the processing is achieved (the duration of the social media presence) or, if earlier, until the consent is withdrawn. You may withdraw your consent to the processing at any time by sending an e-mail to the contact e-mail address. The data will be deleted after the withdrawal of consent to processing.

Persons entitled to access the data: the Data Controller and data processors

The data protection obligations applicable to natural or legal persons or unincorporated organisations carrying out data processing activities on behalf of the Data Controller are set out in the contract of engagement with the data processor.

Data storage method: electronic.

Scope of data processed: Specific purposes of the processing of data

Name: Identification, contact, billing.

Mother's name, place and date of birth: Identification

E-mail: Identification, contact.

Image, sound, image and sound recording (video): Identification, promotion of the Data Controller's products

Answers to the interview questions, in particular opinions on the products and services of the Data Controller: Promotion of the Data Controller's products

5.1.12. Providing customer support on the website

The purpose of data processing is to enable website visitors and customers to contact the customer support unit (support) and to receive answers to their questions about product purchases via the chat and messaging application available on the website.

The legal basis for processing is the consent of the data subject.

The data subjects are visitors to the website and customers

Duration of processing: the Controller processes personal data on the basis of consent as a legal basis until the date of withdrawal of the data subject's consent.

Persons entitled to access the data: the controller and processors

Personal data are processed only to the extent and in the event that the fulfilment of the customer's request requires the provision of the data necessary for the contact (name, e-mail address).

The application saves history data and monitors visitors' website activity to provide fast and efficient customer service.

For information on the privacy and data protection rules of the legal person carrying out data processing activities on behalf of the company, please visit the data processor's website: https://www.tawk.to/privacy-policy/

Scope of data processed and the specific purposes of the processing of data:

Name: identification, contact.

E-mail: identification, contact.

5.1.13. KYC data management

KYC stands for "Know Your Customer" and is a customer identification procedure required by Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing (hereinafter: AML) and other relevant provisions (see Information Chapter 5), which banks and other financial service providers use to document the true identity of customers and the source of their assets, with the aim of ensuring the legitimacy of those assets. KYC customer identification is implemented as a third party electronic service. Details of the third-party service provider's rules on data management are available on its website.

For natural persons, the following information must be provided during electronic customer identification:

Data processed: full name - name at birth - mother's maiden name - permanent address - date of birth - place of birth - nationality

The primary identity documentation required for identification must be uploaded in the manner and location specified by the external service provider. In addition to the primary identification documents, a photograph of the person concerned is required for customer identification.

Primary identification documents can be: 1. Valid passport; 2. National Identification Card; 3. Valid driving licence.

Information and documents must be uploaded via the website in the manner prescribed and deemed appropriate by the external service provider.

Figure 1: KYC verification process

5.1.14. Data management related to customer feedback questionnaires

The Data Controller publishes customer feedback questionnaires at unspecified intervals on the website's interface for registered users. The Controller will process the responses to the questionnaire as follows.

The purpose of data processing is to obtain user (customer) feedback on the services provided by the Data Controller, to improve and strategically plan the services of the Data Controller based on customer needs, to offer possible individual promotions based on the preferences of the customer, and to use the feedback for possible advertising and marketing purposes.

The legal basis for processing is your consent. The user can give his/her consent by voluntarily ticking a blank checkbox on the website. In the absence of consent and the provision of answers, it is not possible to complete the questionnaires.

Duration of processing: the Data Controller processes personal data until the purpose of the processing is achieved (until the end of the promotion) or, if earlier, until the consent is withdrawn. You may withdraw your consent to the processing at any time by sending an e-mail to the contact e-mail address. Your data will be deleted when you withdraw your consent. Corrections, additions or deletions of the data provided can also be requested by sending an e-mail to the contact e-mail address.

The Data Controller and the data processors are entitled to access the data.

The data protection obligations applicable to natural or legal persons or unincorporated organisations carrying out data processing activities on behalf of the Data Controller are set out in the contract of engagement with the data processor.

Data storage method: electronic.

The scope of the data processed: the answers given by the user (customer) to the questions asked in the given customer feedback questionnaire.

5.2. OTHER DATA PROCESSING BY THE CONTROLLER

5.2.1. E-mail service

Galvanize Nutrition Ltd. provides an e-mail service for its customers. The mail traffic (letters, attachments, log files) is stored on the servers of the data processor of Galvanize Nutrition Ltd., the Web Hosting Provider indicated in section 5.1.

The purpose of the processing: the smooth operation of the e-mail service.

Legal basis for processing: consent of registered customers.

Data processed: letters, attachments, log files.

Duration of processing: 5 years

5.2.2. Customer register

The data of registered customers and partners are recorded in the company's unique system.

Purpose of data processing: to maintain the necessary contacts to fulfil the order requests of customers and partners.

Scope of data processed: customer's name, e-mail address, telephone number, address, shopping habits.

Legal basis for processing: consent of the user.

Data retention period: until the deletion of contact data at the request of the data subject, in the case of accounting documents and other invoicing-related cases 8 years in accordance with Article 169 (2) of the Act on Accounting.

Persons entitled to access the data: the controller and processors

The data protection obligations applicable to natural or legal persons or unincorporated organisations carrying out data processing activities on behalf of the company are set out in the contract of engagement with the data processor.

Data storage method: electronic.

5.2.3. Data transmission

By accepting this Privacy Notice, the Data Subject expressly consents to the transfer of his or her personal data to the recipients as data processors specified below:

Data: name, telephone number, e-mail address, address, ...

Data source: data collected directly from the data subject

Recipient of the transfer: the set of data processors set out in point 2.1.

Legal basis for processing: consent of the user.

Time limit for data storage: until the contact details are deleted at the request of the data subject.

Persons entitled to access the data: the controller and processors

The data protection obligations applicable to natural or legal persons or unincorporated organisations carrying out data processing activities on behalf of the company are set out in the contract of engagement with the data processor.

Data storage method: electronic.

6. CONTACTING

How to contact the Data Controller

You can contact the Data Controller using the contact details provided in this Notice, or find more information on the official website (https://puregoldprotein.com/hu).

The Data Controller will delete all e-mails received by it, together with the sender's name, e-mail address, date, time and other personal data provided in the message, after a maximum of five years from the date of the communication.

7. OTHER DATA PROCESSING

We inform our Customers that, based on legal obligations, the court, the prosecutor, the investigating authority, the administrative authority as an authority for administrative offences, the National Authority for Data Protection and Freedom of Information, or other bodies authorised by law may contact the data controller to provide information, to disclose or transfer data, or to provide documents.

The Data Controller shall disclose to public authorities, where the public authority has indicated the precise purpose and scope of the data, only such personal data as are strictly necessary for the purpose of the request and to the extent strictly necessary for the purpose of the request.

8. HOW THE PERSONAL DATA IS STORED, THE SECURITY OF DATA PROCESSING

The Data Controller's electronic information systems and other data storage locations are located at its headquarters and at its data processors.

The Data Controller shall select and operate the IT tools used to process personal data in the course of providing the service in such a way that the processed data:

a) are accessible to authorised persons (availability);

b) have their authenticity assured (authenticity of processing);

c) can be verified to be unchanged (data integrity);

d) are protected against unauthorised access (data confidentiality).

The Data Controller shall take appropriate measures to protect the data against, in particular, unauthorised access, alteration, disclosure, deletion or destruction, accidental destruction, damage or loss, and inaccessibility resulting from technical changes in the technology used.

The Data Controller shall ensure, by appropriate technical means, that the data stored cannot be directly linked and attributed to the data subject, except where permitted by law, in order to protect the data files managed electronically in its various registers.

The Data Controller shall ensure the security of data processing by means of technical and organisational measures, taking into account the state of the art, which provide a level of protection appropriate to the risks associated with the processing.

During the processing, the Data Controller shall preserve:

a) confidentiality: it protects information so that only those who are entitled to access it have access to it;

b) integrity: it protects the accuracy and completeness of the information and the method of processing;

c) availability: ensuring that the rightful user can actually access the information he needs when he needs it and that the means to do so are available.

The Data Controller and its partners' IT systems and networks are protected against computer fraud, espionage, sabotage, vandalism, fire and flooding, computer viruses, computer intrusions and denial of service by computer security procedures.

Users are informed that electronic messages transmitted over the Internet, regardless of the protocol (e-mail, web, ftp, etc.), are vulnerable to network threats that could lead to fraudulent activity, contract disputes, or the disclosure or modification of information. The controller will take all reasonable precautions to protect against such threats. Systems are monitored to ensure that any security discrepancies are recorded and evidence of any security incidents is provided. System monitoring also allows the effectiveness of the security measures in place to be verified.

9. RIGHTS OF DATA SUBJECTS

The data subject may request information on the processing of his or her personal data, and may request the rectification, erasure or withdrawal of his or her personal data, except for mandatory data processing, and may exercise his or her right to data portability and objection in the manner indicated when the data were collected, or by contacting the controller at the above contact details.

Right to information:

The controller shall take appropriate measures to provide data subjects with all the information on the processing of personal data referred to in Articles 13 and 14 of the GDPR and each of the disclosures referred to in Articles 15 to 22 and 34 of the GDPR in a concise, transparent, intelligible and easily accessible form, in clear and plain language.

The right to obtain information can be exercised in writing via the contact details indicated in the Introduction or in point 3. Upon request, the data subject may also be provided with information orally, after proof of his or her identity.

The data subject's right of access (Article 15 GDPR):

The data subject shall have the right to obtain from the controller feedback as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to access the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom or with which the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations; the envisaged period of storage of the personal data; the right to rectification, erasure or restriction of processing and the right to object; the right to lodge a complaint with a supervisory authority; information on the data sources; the fact of automated decision-making, including profiling, and clear information on the logic used and the significance of such processing and the likely consequences for the data subject. In the case of transfers of personal data to third countries or international organisations, the data subject is entitled to be informed of the appropriate safeguards for the transfer.

The Data Controller shall provide the data subject with a copy of the personal data processed free of charge upon request. For additional copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. At the request of the data subject, the Controller shall provide the information in electronic form. The controller shall provide the information within a maximum of one month from the date of the request.

Right to rectification (Article 16 GDPR):

The data subject may request the correction of inaccurate personal data concerning him or her processed by the Controller and the completion of incomplete data.

Right to erasure (Article 17 GDPR):

The data subject shall have the right, upon request, to obtain from the Data Controller the erasure of personal data concerning him or her without undue delay where any of the following applies:

• the personal data are no longer necessary for the purposes for which they were collected or otherwise processed

• the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing

• the data subject objects to the processing and there are no overriding legitimate grounds for the processing

• the personal data have been unlawfully processed

• personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject

• personal data are collected in connection with the provision of information society services.

The erasure of data may not be initiated if the processing is necessary: for the exercise of the right to freedom of expression and information, for compliance with an obligation under Union or Member State law that requires the controller to process personal data, or on grounds of public interest, or for the establishment, exercise or defence of legal claims.

Right to restriction of processing (Article 18 GDPR):

At the request of the data subject, the Data Controller shall restrict processing if one of the following conditions is met:

• the data subject contests the accuracy of the personal data, in which case the restriction applies for a period of time which allows the accuracy of the personal data to be verified

• the data processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;

• the controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or

• the data subject has objected to the processing; in this case, the restriction applies for the period until it is established whether the legitimate grounds of the controller override those of the data subject.

Where processing is restricted, personal data, other than storage, may be processed only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or of a Member State.

The controller shall inform the data subject in advance of the lifting of the restriction on processing.

Right to data portability (Article 20 GDPR):

The data subject shall have the right to obtain the personal data concerning him or her which he or she has provided to the controller in a structured, commonly used, machine-readable format and to transmit such data to another controller.

Right to object (Article 21 GDPR):

The data subject shall have the right to object at any time to processing of his or her personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. In the event of an objection, the controller may no longer process the personal data, unless it is justified by compelling legitimate grounds which override the interests, rights and freedoms of the data subject or are related to the establishment, exercise or defence of legal claims.

Automated decision-making in individual cases, including profiling (Article 22 GDPR):

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

The above right shall not apply where the processing:

• is necessary for the conclusion or performance of a contract between the data subject and the controller;

• is permitted by Union or Member State law applicable to the controller which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or

• is based on the explicit consent of the data subject.

Right of withdrawal (Article 7(3) GDPR):

The data subject has the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal.

10. PROCEDURAL RULES

Without undue delay and in any event within one month of the request being made, the controller shall inform the data subject of the action taken in response to a request made pursuant to Articles 15 to 22 of the GDPR. Where necessary, taking into account the complexity of the request and the number of requests, this period may be extended by a further two months.

The data controller shall inform the data subject of the extension of the time limit within one month of receipt of the request, stating the reasons for the delay. Where the data subject has made the request by electronic means, the information shall be provided by electronic means, unless the data subject requests otherwise.

If the controller fails to act on the data subject's request, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for the failure to act and of the possibility for the data subject to lodge a complaint with a supervisory authority and to exercise his or her right of judicial remedy.

The Data Controller shall provide the requested information and data free of charge. Where the data subject's request is manifestly unfounded or excessive, in particular because of its repetitive nature, the controller may, taking into account the administrative costs of providing the information requested or of taking the action requested, charge a reasonable fee or refuse to act on the request.

The controller shall inform each recipient to whom or with which the personal data have been disclosed of any rectification, erasure or restriction of processing that it has carried out, unless this proves impossible or involves a disproportionate effort.

The controller shall inform the data subject of these recipients at his or her request.

The data controller shall provide the data subject with a copy of the personal data processed. For additional copies requested by the data subject, the controller may charge a reasonable fee based on the administrative costs. Where the data subject has made the request by electronic means, the information shall be provided in electronic format unless the data subject requests otherwise.

11. COMPENSATION AND DAMAGES

Any person who has suffered pecuniary or non-pecuniary damage as a result of a breach of the Data Protection Regulation shall be entitled to receive compensation from the controller or processor for the damage suffered. A processor shall be liable for damage caused by its processing only if it has failed to comply with obligations expressly imposed on processors by law or if it has disregarded or acted contrary to lawful instructions from the controller.

Where several controllers or several processors or both controller and processor are involved in the same processing and are liable for the damage caused by the processing, each controller or processor is jointly and severally liable for the entire damage.

The controller or processor shall be exempt from liability if it proves that it is not in any way responsible for the event giving rise to the damage.

12. REMEDIES

Initiate a complaint:

If you have a problem with the Data Controller's handling of your data, you can contact the Managing Director:

Name: László Garai

Phone number: +36301310453

E-mail: info@puregoldprotein.com/hu

Right to apply to the courts:

In the event of a breach of his/her rights, the data subject may, in accordance with the applicable national legislation (Civil Code, § 2:51), take legal action against the controller before the competent court in the territory of the country. The court shall rule on the case out of turn.

Data protection authority procedure:

If you are not a Hungarian citizen and you wish to use the Company's services and you have a complaint, you can contact one of the national supervisory authorities available at the link below using the contact details provided.

https://edpb.europa.eu/about-edpb/board/members_hu

If you are a Hungarian citizen or a foreign national, you can lodge a complaint with the Hungarian supervisory authority as the elected body at:

You can lodge a complaint with the National Authority for Data Protection and Freedom of Information:

Name: National Authority for Data Protection and Freedom of Information

Head office: 1055 Budapest, Falk Miksa utca 9-11.

Postal address: 1363 Budapest, PO Box 9.

Phone: +36 1 391 1400

Fax: +36 1 391 1410

E-mail: ugyfelszolgalat@naih.hu

Website: http://www.naih.hu
