Purpose of the Rules

The purpose of this Policy is to set out the data protection and data management principles applied by Ciritas Ferro LTD (“Company”) and the Company’s data protection and data management policy, which the Company acknowledges as binding on itself and commits to ensuring that its data management in relation to its services and the operation of its webshop complies with the provisions set out in this Policy and the applicable legislation.

The Company’s data management principles are in compliance with the applicable data protection legislation, including:

– (EU) 2016/679 – General Data Protection Regulation (GDPR)

– Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: Infotv.)

– Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (in particular § 13/A)

– Act XLVII of 2008 on the prohibition of unfair commercial practices against consumers

– Act XLVIII of 2008 on the basic conditions and certain restrictions on economic advertising (in particular § 6)

– Act XC of 2005 on the freedom of electronic information

– Act C of 2003 on electronic communications (specifically § 155)

The legal basis for the processing of data on the website is the consent of the User, § 5 (1) of the Infotv., and § 13/A (3) of Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services.

This notice applies to the processing of data on the Company’s website (http://www.tarsasjatekvac.hu).

Changes to this privacy notice will take effect upon publication on the above website.

Definitions of terms

  • dataset: the set of data managed in a single register;
  • data processing: the performance of technical tasks related to data processing operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;
  • data processor: a natural or legal person or unincorporated body that processes personal data on behalf of the controller;
  • data processing: any operation or set of operations which is performed upon data, regardless of the procedure used, in particular the collection, recording, organisation, storage, alteration, use, retrieval, disclosure, alignment or combination, blocking, erasure and destruction of personal data and the prevention of their further use;
  • data controller: the Ciritas Ferro KFT. (registered office: 2600 Vác, Március 15 tér 16-18. fsz. 14.; Company registration number: 13-09-200636; Tax number: 26226228-2-12);
  • data marking: the marking of data with an identification mark to distinguish it;
  • data destruction: the complete physical destruction of the data medium containing the data;
  • transfer: making data available to a specified third party;
  • data erasure: the rendering of data unrecognisable in such a way that it is not possible to recover it;
  • data blocking: the marking of data with an identification mark for the purpose of limiting its further processing permanently or for a limited period of time;
  • automated dataset: a set of data to be processed automatically;
  • user: a natural person who registers on the Company’s websites or requests an invoice;
  • data subject: a natural person identified on the basis of personal data;
  • machine processing: includes the following operations, when carried out wholly or partly by automated means: storage of data, logical or arithmetical operations on data, alteration, deletion, retrieval and dissemination of data;
  • third party: any natural or legal person or unincorporated body other than the data subject, the controller or the processor;
  • consent: a voluntary and explicit expression of the data subject’s wishes, based on appropriate information, by which he or she gives his or her unambiguous agreement to the processing of personal data concerning him or her, either in full or in relation to specific operations;
  • disclosure: making the data available to anyone;
  • personal data: data that can be associated with a specific natural person, in particular the name, the identification mark of the data subject and the physical, physiological, mental, economic, cultural or social identity of one or more data subjects, in order to draw conclusions about the data subject. The personal data shall retain this quality during the processing for as long as the link with the data subject can be re-established;
  • objection: a statement by the data subject objecting to the processing of his or her personal data and requesting the cessation of the processing or the erasure of the processed data;

Scope of personal data processed

  • The personal data that must be provided when registering a user are: email address; name. In the case of home delivery, the following additional personal data are required: billing address; delivery address; telephone number.
  • Data technically recorded during the operation of the system: data of the user’s computer logging in, which are generated during the use of the service and which are recorded by the data controller’s system as an automatic result of technical processes. The data that are automatically recorded are automatically logged by the system at the time of logging in or logging out, without any specific declaration or action by the user. These data may not be linked to other personal user data, except in cases required by law. The data may only be accessed by the data controller.

Legal basis, purposes and methods of processing

  • The processing of personal data is based on the voluntary and informed consent of users of the content of the www.tarsasjatekvac.hu website, which includes their explicit consent to the use of their personal data provided during the use of the website in the cases listed below. The legal basis for the processing of the data is the voluntary consent of the data subject pursuant to Article 5(1)(a) of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information.
  • The purpose of the processing is to provide the services available under the URL www.tarsasjatekvac.hu (shopping in the webshop and home delivery).
  • The purpose of the automatically recorded data is to produce statistics, to improve the technical development of the IT system and to protect the rights of users.
  • The data controller may not use the personal data provided for purposes other than those described in this policy. Unless otherwise required by law, the disclosure of personal data to third parties or public authorities is only possible with the prior express consent of the user.
  • The Controller does not verify the personal data provided to it. The person providing the data is solely responsible for the correctness of the data. By providing an e-mail address, any user also assumes responsibility for the fact that he/she is the only one to use the service from the e-mail address provided.

Principles of data management

  • Legality, fairness, transparency

Personal data may only be processed on the basis of a specific legal basis (consent or other legal basis). Personal data must be processed fairly and in a transparent manner for the data subject. Information on data processing must be provided in an accurate, transparent, intelligible and easily accessible form, in plain and intelligible language.

  • Purpose limitation

Data may only be collected for specified, explicit and legitimate purposes. Further processing of data may also only be carried out in accordance with these purposes. The balancing of the interests of the data controller and the data subject, directly linked to purpose limitation, will in many cases provide the legal basis for processing.

  • Data minimisation

The principle of data minimisation requires that data collection and processing is limited to what is actually necessary to achieve the intended purpose.

  • Accuracy

Inaccurate data must be deleted or corrected without delay. Businesses are required to put in place routine procedures for updating data.

  • Storage limitation

Personal data may be stored in a form which allows the identification of data subjects for the time necessary to achieve the purpose of the processing. In the case of pseudonymisation, the data cannot be associated with the data subject without being linked to other information.

  • Integrity, confidentiality

The prevention of unauthorised and unlawful processing and of accidental loss, destruction or damage to data must be ensured. Data protection incidents, i.e. breaches of personal data where there is a risk that the rights of data subjects may be affected, must be reported to the data protection authority. In appropriate cases, where the risk is high, the data subject should also be notified directly.

  • Accountability

Under the basic principle of accountability (Article 5(2) of the GDPR), businesses must be able to document their compliance with the principles set out above.

Privacy Policy applied by the Company

  • The Company uses personal data that are indispensable for the use of Ciritas Ferro Ltd. services on the basis of the consent of the data subjects and only for the purposes for which they are collected.
  • The Company, as the data controller, undertakes to process the data it receives in accordance with the provisions of the Infotv. and the data protection principles set out in this Policy and not to transfer them to third parties.

The following are exceptions to this provision:

  • use of the data in a statistically aggregated form, which may not include the name of the user concerned or any other identifiable information;
  • In certain cases, the Company may make available to third parties the accessible data of the user concerned in response to a formal judicial or police request, legal proceedings for copyright, property or other infringements or reasonable suspicion of such infringements, or in case of prejudice to the interests of the Company, or in case of threat to the provision of its services, etc.
  • Ciritas Ferro Ltd.’s system may collect data about the activity of users, which cannot be linked to other data provided by users at the time of registration, nor to data generated by the use of other websites or services.
  • Ciritas Ferro KFT. as data controller complies in any case with the restrictions laid down by law in the collection, recording and processing of data, and informs the data subject of its activities by electronic mail. The Company undertakes not to impose any sanction on a user who refuses to provide non-compulsory data.
  • Ciritas Ferro LTD undertakes to ensure the security of the data, to take technical and organisational measures and to establish procedures to ensure that the data collected, stored and processed are protected and to prevent their destruction, unauthorised use and unauthorised alteration.
  • If the personal data is not accurate and the accurate personal data is available to the controller, the controller may correct the personal data.
  • Instead of erasure, the controller shall block the personal data if the data subject so requests or if, on the basis of the information available to him or her, it is likely that erasure would harm the data subject’s legitimate interests. Personal data blocked in this way may be processed only for as long as the processing purpose which precluded the deletion of the personal data continues to exist.
  • The rectification, blocking or deletion of the personal data processed must be notified to the user concerned and to all those to whom the data were previously transmitted for processing. Notification may be omitted if this does not harm the legitimate interests of the data subject in relation to the purposes of the processing.

Duration of processing

  • The processing of personal data provided by the user will be maintained until the user unsubscribes from the service with the given username. The date of deletion is 10 working days from the date of receipt of the user’s unsubscription (request for deletion). In the event of unlawful or fraudulent use of personal data or in the event of a criminal offence or system attack committed by the user, the Data Controller is entitled to delete the data immediately upon termination of the user’s registration, but in the event of suspicion of criminal offence or civil liability, the Data Controller is also entitled to retain the data for the duration of the proceedings to be conducted.
  • The personal data provided by the user, even if the user does not unsubscribe from the service, may be processed by the Company as data controller until the user explicitly requests their deletion by e-mail (info@tarsasjatekvac.hu). A user’s right to request the termination of processing without unsubscribing from the service does not affect his/her right to request the service, but he/she may not be able to use certain services (e.g. webshop) due to the absence of personal data. The data will be deleted within 10 working days of receipt of the request.
  • Data which are automatically, technically recorded during the operation of the system are stored in the system for a period of time from the moment they are generated which is reasonable to ensure the operation of the system. The Company ensures that these automatically recorded data cannot be linked to other personal user data, except in cases required by law. If the user has withdrawn his/her consent to the processing of his/her personal data or has unsubscribed from the service, his/her identity will no longer be identifiable from the technical data.

Processing of personal data

  • Any change in personal data or request for the deletion of personal data may be made explicitly by sending an email to info@tarsasjatekvac.hu.
  • Some personal data may also be changed by editing the page containing your personal profile.
  • Once a request for deletion or modification of personal data has been fulfilled, the previously (deleted) data can no longer be restored.

Data processing

  • Ciritas Ferro KFT does not use a separate external data processor. It processes the personal data it manages itself.
  • Ciritas Ferro Ltd. does not engage in any profiling (collection of information not provided by the user).

Possibility of data transfer

  • The Company, as the data controller, is entitled and obliged to transfer to the competent authorities any personal data at its disposal and stored by it in accordance with the law, which it is obliged to transfer by law or by a final and binding obligation of a public authority. The controller cannot be held liable for such transfers and the consequences thereof.
  • If the Company transfers the operation or use of the content service on tarsasjatekvac.hu to a third party, in whole or in part, the data processed by the Company may be transferred to such third party for further processing without any further consent being required. This transfer of data may only serve to ensure the continuity of the registration of users who have already registered, but may not place the user in a more disadvantageous position than the data management and data security rules indicated in the current version of this Privacy Policy.
  • In case of issuing an electronic or handwritten invoice, the personal data (name, address, tax number) on the invoice will be transmitted to the official accounting firm of Ciritas Ferro KFT. (Kék Könyvelő KFT.)
  • In the case of home delivery by courier, the necessary personal data (name, address, telephone number, email address) will be transmitted to the courier company appointed by the Company in order to carry out the delivery and contact.

Amendments to the Privacy Policy

  • Ciritas Ferro LTD. reserves the right to amend this Privacy Policy at any time by unilateral decision in a manner that does not violate any legal provisions. An amendment may modify or improve the data management activity, with the main purpose of ensuring a higher level of protection of users’ personal data, or it may contain clarifications (for example: change of registered office, change of contractual partner). Following the modification of the Privacy Policy, all users will be informed by electronic mail on the basis of their registered email address (except for changes resulting from minor clarifications). By continuing to use the service, users accept the modified privacy policy and no further consent is required.

Rights of users in relation to their personal data processed by the controller

  • Users may request information about the processing of their personal data from the Company as data controller at any time in writing by sending an e-mail to info@tarsasjatekvac.hu. The request for information may cover the data of the user processed by the controller, the source of the data, the purpose, legal basis and duration of the processing, the name and address of any data processors, the activities related to the processing and, in case of transfer of personal data, who has received or is receiving the user’s data and for what purpose.
  • Users may request the deletion of their data by sending an e-mail to info@tarsasjatekvac.hu.
  • Requests for information sent by e-mail shall be considered authentic by the controller only if they are sent from the registered e-mail address of the user.
  • The data controller shall provide written information in response to a query regarding the processing within the shortest possible time from receipt, but not later than 30 days. The date of receipt shall be deemed to be the first working day following the sending of the e-mail.

Newsletter

  • Pursuant to Article 6 of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activity, the User may expressly consent in advance to being contacted by the Company with advertising offers and other information mailings at the email address provided upon registration.
  • In addition, the Customer may, subject to the provisions of this notice, consent to the processing of personal data by the Company necessary for the sending of advertising offers.
  • The Company will not send unsolicited commercial messages, and the User may unsubscribe from receiving offers without any restriction and without giving any reason, free of charge. In that case the User will not be contacted with further promotional offers. The User may unsubscribe from advertising by clicking on the link in the message.
  • The fact of processing, the data processed: name, e-mail address.
  • Data subjects: all data subjects who subscribe to the newsletter.
  • Purpose of processing: sending electronic messages (e-mail) containing advertising to the data subject, providing information on current information, products, promotions, new features, etc.
  • Duration of data processing, deadline for deletion of data: until the withdrawal of the consent, i.e. until unsubscription.
  • Potential data controllers who may have access to the data: personal data may be processed by the controller’s staff, in compliance with the principles set out above.
  • Description of the data subjects’ rights in relation to data processing: the data subject may unsubscribe from the newsletter at any time, free of charge.
  • Legal basis for data processing: the data subject’s voluntary consent, Article 5 (1) of the Infotv. and Article 6 (5) of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activity.
  • After subscribing to the newsletter, the name and email address of the User will be transmitted to the system that edits and sends the newsletter (mailchimp.com).

Cookie management (cookies)

  • Legal basis for processing: consent is not required from the data subject where the sole purpose of the use of cookies is to provide a communication over an electronic communications network or where the service provider strictly needs the cookies to provide an information society service explicitly requested by the subscriber or user.
  • Data processed: unique identification number, dates, times.
  • Time limit for deletion of data: the period of data processing lasts until the end of the visit to the website in the case of session cookies, or 30 days in other cases.
  • The purpose of data processing: to identify users and track visitors.
  • The website may also contain links to external servers (not managed by the Company), and the sites accessed through these links may place their own cookies or other files on your computer, collect data or request personal information. The Company accepts no responsibility for these.
  • The Service Provider manages the visitor data of tarsasjatekvac.hu using the Google Analytics service. Codes related to the Google Analytics service have been placed on the website, which transmit statistical data related to each visit to an external server of the Company. The data transmitted are not suitable for the sole identification of the data subject. More information about Google’s privacy policy can be found here: http://www.google.hu/policies/privacy/ads/
  • The data is stored on the IT device of the data subject. The data subject has the possibility to delete cookies in the Tools/Settings menu of the browsers under the Privacy settings.

Enforcement options

The user may exercise his/her rights before the courts under the Infotv. and Act IV of 1959 (Civil Code), and may also seek the assistance of the National Authority for Data Protection and Freedom of Information in any matter related to personal data:

National Authority for Data Protection and Freedom of Information

1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Postal address: 1530 Budapest, P.O. Box 5.

Phone: +36-1-391-1400

Fax: +36-1-391-1410

E-mail: ugyfelszolgalat@naih.hu

Vác, 01.11.2020.