5. THE SCOPE OF THE PERSONAL DATA, THE PROCESSING PURPOSE, TITLE AND DURATION

1.INTRODUCTION

The data processing of the Data Controller's activities is based on voluntary consent or on legal authorisation. In the case of processing based on voluntary consent, data subjects may withdraw their consent at any stage of the processing. In certain cases, the processing, storage and transmission of some of the data provided may be required by law. The principles of this Privacy Notice are in accordance with the applicable data protection and related legislation, in particular the following:

• Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Infotv.)

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR);

• Act V of 2013 on the Civil Code (Civil Code);

• Act C of 2000 on Accounting (Accounting Act);

• Act LIII of 2017 on the Prevention of Money Laundering and Terrorist Financing and on the preventing (Pmt)

• 19/2017 (VII. 19.) MNB Decree on the detailed rules for the development and operation of a screening system for service providers supervised by the MNB and the implementation of the Act on the implementation of financial and asset restriction measures ordered by the European Union and the United Nations Security Council

• Act CVIII of 2001 on electronic commerce services and the on certain aspects of information society services (Eker.)

• Act C of 2003 on Electronic Communications (Eht.)

• Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising (Act XLVIII of 2008).

5.1.ADATKEZÉSEK

Purpose of data processing

The legal basis for processing (where the legal basis for processing in the Prospectus is contains the following legal provisions):

• voluntary consent of the data subject (Article 6(1)(a) GDPR)

• performance of a contractual obligation (Article 6(1)(b) GDPR)

• fulfil a legal obligation (Article 6(1)(c) GDPR)

• legitimate interests of the controller or a third party (Article 6(1)(f) GDPR)

Scope of the data processed:

• for natural persons: name, address, telephone number, e-mail address

• for legal persons/companies: name, registered office, tax number, postal address, telephone number, e-mail address

The time limit for data retention:

• in the case of a contractual obligation, for the duration of the contract;

• until the data subject's voluntary consent is withdrawn;

• Retention of accounting data as defined in the Accounting Act (8 years)

Data controller tasks:

1145 Budapest, Columbus u. 27-29/b ld. Further subsections in chapter 5.1.

Data processing tasks:

Name Headquarters Data processing task

Vodafone Hungary Zrt.

1112 Budapest, Boldizsár street 2.

Invitech ICT Services Kft.

1013 Budapest, Krisztina krt. 39.

ACE Telekom Ltd.

OTP Simple Pay https://simplepay.hu/wpcontent/uploads/2021/01/OTPM _trade_relationship_management_ada tkezeles_hun_20210114.pdf

Stripe https://stripe.com/en-hu/privacy

Amazon https://www.amazon.com/gp/hel p/customer/display.html?nodeId

=GX7NJQ4ZB8MHFRNJ

1037. Budapest, Zay Road 3 https://stripe. com/en-hu https://www.a mazon.com/ internet service (Budapest) internet service (Dunakeszi) internet service (Dunakeszi) electronic payment service electronic payment service external hosting provider

1143 Budapest, Hungária krt. 17-19.

Béradmin Ltd.

DPD Hungária Kft.

1222 Budapest, Mész u. 6.

1134 Budapest, Váci út 33. 2. em.

Google LL.C.

The Rocket Science Group LL.C

Mailchimp

(1600 Amphitheatre Parkway Mountain View, CA 94043)

(675 Ponce De Leon Ave NE Ste 5000 Atlanta, GA, 30308-2172)

IToperations legal advice accounting mail and parcel delivery

Cookie management

Newsletters

Possible consequences of not providing data:

Possible consequences of not providing data to the data subject upon request: under the EU General Data Protection Regulation (GDPR), the data subject may lodge a complaint with the supervisory authority, which may establish the failure to act in the framework of an administrative procedure and impose a fine on the offending/defaulting controller.

5.1.1.Registration on the website

On the company's website, the visitor/contacted person has the possibility to register and to implement a registration. By filling in the form, the visitor provides the personal data required for contacting the company. However, the data can only be actually recorded if the data subject accepts the company's Privacy Policy and confirms this by ticking a checkbox. The completion of the above operation is a necessary element of the finalisation of the registration. Without this, the registration will not be successful.

The purpose of the processing is to provide additional services (complaints and grievances) and to contact you.

The legal basis for registration data processing is your consent.

The data subjects are the registration users of the website.

Duration of processing: processing will continue until consent is withdrawn. You can withdraw your consent to the processing at any time by sending an e-mail to the contact e-mail address. The data will be deleted when consent is withdrawn.

The controller and processors have the right to access the data.

The data protection obligations applicable to natural or legal persons or unincorporated organisations carrying out data processing activities on behalf of the company are set out in the contract of engagement with the data processor.

Data storage method: electronic.

The modification or deletion of personal data may be initiated by e-mail or by letter to using the contact details above.

The provision of personal data is strictly necessary for identification in databases and contact purposes. The exact name/company name and address are required for billing purposes, which is a legal obligation.

Scope of data processed Specific purposes of the processing of data

Name Identification, contact, billing.

Address Identification, contact, billing.

E-mail Identification, contact.

Phone Identification, contact.

User name Identification, contact.

Registration Date Technical information operation.

IP address + client-side technical fingerprint

Technical information operation.

The user can give his/her consent to data processing by voluntarily ticking the empty checkbox on the website.

As a data subject, you have the right to object to the processing of your personal data, in accordance with the procedure set out in the processing information detailed above and in this notice and the legislation described in this notice.

5.1.2.Ordering on the website, online shopping

After registering on the website, the visitor has the possibility to visit the online shop initiate an online purchase (place an order) and process it.

The enablingof online purchases and sales on the website operated by the Data Controller and the performance of the contract under the GTC published on the website is based on Article 13/A of Act CVIII of 2001 on certain issues of electronic commerce services and information society services.

The purpose of the processing is to provide additional services and to contact you. The legal basis for registration data processing is your consent.

The data subjects are the registration users of the website.

The controller and processors have the right to access the data.

Data storage method: electronic.

The modification or deletion of personal data may be initiated by e-mail or letter to. using the contact details above.

The provision of personal data is strictly necessary for identification in databases and contact purposes. The exact name/company name and address is required for delivery and invoicing, which is a legal obligation.

Scope of data processed

Specific purposes of the processing of data

Name Identification, contact, billing.

Address Identification, contact, billing.

E-mail Identification, contact.

Phone Identification, contact.

User name Identification, contact.

Online shopping Date

Order number

Package information

IP address + client-side technical fingerprint

Technical information operation.

The user can give his/her consent to data processing by voluntarily ticking the empty checkbox on the website.

5.1.3.Product delivery, delivery

Purpose of the processing The legal basis for processing is the consent of the data subject

The data subjects are the registered customers of the service provider.

Duration of processing: processing is based on a legal requirement. Persons entitled to access the data: the controller and processors

Data storage method: electronic.

Changes or corrections to the delivery data can be initiated by e-mail or by letter using the contact details above.

Scope of data processed

Specific purposes of the processing of data

Name Identification, contact, billing.

Address

Identification, contact, billing.

E-mail Identification, contact.

Phone Identification, contact.

Delivery data

Delivery date

Identification of the transport

Technical information operation

The user can give his/her consent to data processing by voluntarily ticking the empty checkbox on the website.

The data subject may object to the processing of his or her personal data, in which respect he or she has the right to the procedure set out in the processing information detailed above and in this notice and the legislation described in this notice.

5.1.3.Setting up an account

The purpose of the processing is to issue and send an electronic invoice as an e-mail attachment.

The legal basis for processing is mandatory processing based on law.

The data subjects are the registered customers of the service provider.

Duration of processing: processing is based on a legal requirement.

Persons entitled to access the data: the controller and processors

Data storage method: electronic.

Changes or corrections to invoice details can be initiated by e-mail or letter using the contact details above.

Scope of data processed

Specific purposes of the processing of data

Name Identification, contact, billing.

Address Identification, contact, billing.

E-mail Identification, contact.

Phone Identification, contact.

Account details

Invoice issue date

Identification of the account

Technical information operation

The user can give his/her consent to data processing by voluntarily ticking the empty checkbox on the website.

5.1.4.Send newsletter

As the operator of this website, we declare that the information and descriptions published by us fully comply with the relevant legal provisions. We also declare that when subscribing to a newsletter, we are not in a position to verify the authenticity of the contact details or to establish whether the details provided relate to an individual or a company. Companies that contact us will be treated as a customer partner.

The purpose of data processing is to send you professional brochures, electronic messages containing advertising, information and newsletters, from which you can unsubscribe at any time without any consequences.

The legal basis for processing is your consent. Please be informed that the user may give his/her prior and explicit consent to be contacted by the service provider with promotional offers, information and other mailings to the e-mail address provided at the time of registration. As a consequence, the user may consent to the processing of the necessary personal data by the service provider for this purpose.

Please note that if you wish to receive a newsletter from us, you must provide the necessary information. If you do not provide this information, we will not be able to send you a newsletter.

Duration of processing: processing will continue until consent is withdrawn. You may withdraw your consent to the processing at any time by sending an e-mail to the contact e-mail address.

The data will be deleted when consent to data processing is withdrawn. You can withdraw your consent to data processing at any time by sending an e-mail to the contact e-mail address.

You can also withdraw your consent by following the link in the newsletters sent to you.

The controller and processors have the right to access the data.

Data storage method: electronic.

The modification, correction or deletion of data can be initiated by e-mail or by by letter using the contact details above.

Name Identification, contact, billing.

E-mail

Date of subscription

IP address + Client side technical fingerprint

Identification, contact.

Technical information operation.

Technical information operation

Please note that neither the username nor the e-mail address need to contain any personally identifiable information. For example, it is not necessary for the username or e-mail address to contain your name. You are entirely free to choose whether to provide a username or an e-mail address that contains information that identifies you. The e-mail address, which is used to contact you, is absolutely necessary to ensure that any newsletter or professional information sent to you is received.

5.1.5.Cookies (cookies)

Cookies are placed on the user's computer by the websites visited and contain information such as the page settings or login status.

Cookies are therefore small files created by the websites you visit. They improve the user experience by saving browsing data. Cookies help the website to remember your website settings and offer you locally relevant content.

A small file (cookie) is sent by the provider's website to the website visitors' computer in order to establish thefact and time of the visit. The provider informs the website visitor of this.

Data subjects concerned: visitors to the website

Purpose of data processing: additional services, identification, tracking of visitors.

Legal basis for processing: consent of the user

Scope of the data: unique ID number, time, preferences

The user has the option to delete cookies from browsers at any time by going to the Settings menu.

Persons entitled to access the data: the controller and processors

Data storage method: electronic.

5.1.6.

Google Analytics

Our website uses Google Analytics X □ does not use Google Analytics

When using Google Analytics:

The company's website runs software that analyses website traffic data. However, the software does not process any personal data in accordance with the applicable data protection regulations, but it does record data on visits. The company receives automatically generated information about visitors to its website.

As IP addresses are considered relative personal data under the current Data Protection Regulation, the National Authority for Data Protection and Freedom of Information and internationally accepted practice, the company protects all technical information obtained in the course of the processing of the website with the protection afforded to personal data under this policy.

Google Analytics uses internal cookies to compile reports for its customers on the habits of website users.

On behalf of the website operator, Google will use this information toevaluate how users use the website. As an additional service, the website operator will compile reports on website activity for the website operator so that it can provide additional services.

Data subjects concerned: visitors to the website

Purpose of data processing: to study website visiting habits

Legal basis for processing: the user's consent

Data: the Internet Protocol (IP) address of the visitor, the time of the visit to the website, the pages viewed, the name of the browser program used

Persons entitled to access the data: the controller and processors

Data storage method: electronic.

Scope of data processed

IP address website visit Date details of pages viewed

Specific purposes of the processing of data

Technical information operation

Technical information operation used browser program data

Technical information operation

5.1.7.Provision of electronic payment services

The nature and purpose of the data processing activities carried out by the processor can be found in the Data Processing Notice of {the electronic payment service provider}, at the following link: https://simplepay.hu/adatkezelesi-tajekoztatok/

The User acknowledges that if he/she chooses the payment method provided by the Service Provider on any website {the electronic payment service provider}, the following personal data stored by the Service Provider in its user database will be transferred to Simple Pay Kft. as a data processor.

The data transmitted by the data controller are the following: name, e-mail address, telephone number, billing name, billing address

5.1.8.Community sites

The company will also allow visitors to participate on social networking sites to promote the service and to connect effectively.

The scope of the data processed: the name of the registered user on Facebook/Youtube/Instagram/TikTok etc. social networking sites, as well as the user's public profile picture.

Data subjects: all data subjects who are registered on Facebook/ /Youtube/Instagram/TikTok etc. on social networking sites and "liked" the website.

Purpose of the data collection: to share or "like" certain content, products, promotions or the website itself on social networking sites.

Our company processes data subjects' data in the course of its activities as a data processor. The tasks of data controller and the rights and obligations related to data processing are exercised by the operators of social networking sites.

Description of the data subjects' rights in relation to data processing: the data subject can find out about the source of the data, the processing of the data and the method and legal basis of the transfer on the relevant Community site (duration of processing, deadline for deletion of data, the identity of the potential controllers who are entitled to access the data and the data subjects' rights in relation to data processing)

The processing of data takes place on social networking sites, so the duration of the processing, the method of processing and the possibility to delete and modify the data are governed by the rules of the social networking site concerned.

Legal basis for processing: the data subject's voluntary consent to the processing of his or her personal data on social networking sites.

5.1.9."Cart abandonment" message

The purpose of the processing is for the Data Controller to notify you of a purchase that has been started but not completed. In other words, that you have placed the product ordered via the website in your shopping cart but have not completed the purchase process.

The legal basis for processing is the legitimate interest of the Data Controller

The data subjects are the registered customers of the service provider.

Duration of processing: the Data Controller shall process the personal data on the basis of a legitimate interest in the for a period of 1 year from the date of its inclusion in the basket.

Persons entitled to access the data: the controller and processors

Data storage method: electronic. Scope

E-mail Identification, contact.

Cookiek Identification, contact.

5.1.10.Ad hoc promotions

From time to time, the Data Controller organizes ad hoc promotions, in which personal data are you can also manage.

The purpose of the processing is to promote the products of the Data Controller, to promote the promoting its services.

The legal basis for processing is the data subject's consent

The data subjects are the customers participating in the promotion.

Duration of processing: the Data Controller processes personal data on the basis of consent as a legal basis until the purpose of the processing is fulfilled (end of the promotion) or until the date of withdrawal of the data subject's consent.

Persons entitled to access the data: the controller and processors

Data storage method: electronic.

Scope of data processed

Specific purposes of the processing of data

Name Identification, contact, billing.

E-mail Identification, contact.

Phone Identification, contact.

Picture/photo Identification

The scope of the data required to be provided during the promotion varies from case to case, usually name, email address, picture, the personal data processed in the specific promotion can be found on the promotion's website, where the data subject can find out which personal data he/she is required to provide.

The user's consent to the processing of personal data is given on the website and by voluntarily ticking the empty checkbox.

5.1.11.Images published on websites, social media

The purpose of the Data Management is to promote the products and services of the Data Controller and to raise awareness of the benefits of a conscious and balanced diet. In this context, you may publish on your website or on social media platforms the photos you have taken or submitted to us ("before and after" photos)

The legal basis for processing is the consent of the data subject.

The data subjects are the participating customers.

Duration of processing: the Data Controller will process personal data with consent as the legal basis on the basis of the data subject's consent until the date of withdrawal of the data subject's consent.

Persons entitled to access the data: the controller and processors

Data storage method: electronic.

Scope of data processed

Specific purposes of the processing of data

Name Identification, contact, billing.

E-mail Identification, contact.

Picture/photo Identification

The user can give his/her consent to data processing by voluntarily ticking the blank checkbox on the website.

5.1.10. KYC data management

KYC stands for "Know Your Costumer" and is a customer identification procedure required by Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing (hereinafter: AML) and other relevant provisions (see Information Chapter 5), which banks and other financial service providers use to document the true identity of customers and the source of their assets, with the aim of ensuring the legitimacy of those assets. KYC customer identification is implemented as a third party electronic service. Details of the third-party service provider's rules on data management are available on its website.

For natural persons, the following information must be provided in the electronic when identifying a customer:

Data processed: full name - name at birth - mother's maiden name - permanent addressdate of birth - place of birth - nationality

The primary identity documentation required for identification must be uploaded in the manner and location specified by the external service provider. In addition to the primary identification documents, a photograph of the person concerned is required for customer identification.

Primary identification documents can be: 1. Valid passport; 2. National Identification Card; 3. Valid driving licence.

Information and documents must be uploaded via the website in the manner prescribed and deemed appropriate by the external service provider.

5. THE SCOPE OF THE PERSONAL DATA, THE PROCESSING PURPOSE, TITLE AND DURATION

Next Article

1.INTRODUCTION

5.1.ADATKEZÉSEK

5.1.1.Registration on the website

5.1.2.Ordering on the website, online shopping

5.1.3.Product delivery, delivery

5.1.3.Setting up an account

5.1.4.Send newsletter

5.1.5.Cookies (cookies)

Google Analytics

5.1.7.Provision of electronic payment services

5.1.8.Community sites

5.1.9."Cart abandonment" message

5.1.10.Ad hoc promotions

Scope of data processed

Specific purposes of the processing of data

5.1.11.Images published on websites, social media

5.1.10. KYC data management

More articles from this publication:

1.INTRODUCTION

5.2.OTHER DATA PROCESSING BY THE CONTROLLER

This article is from:

Privacy Notice