Privacy Policy
DATA MANAGEMENT NOTIFICATION
(hereinafter referred to as “Notification” or “Data Protection Notification”)
borvilag.hu internet site („Site”) is commited for the protection of the personal data of the Data Subjects („Data Subject”) and prepares every necesseary security actions that guerantees the security of such data.
Data Controller’s, name and contacts of the representative:
- Company name: Premium Winery Borkereskedelmi Kft..
- Address: 1103 Budapest, Kőér utca 1-5.
- Tax number: 26587640-2-42
- Company registration: Cg. 01 09 333661
- Email address: info@borvilag.hu ugyfelszolgalat@borvilag.hu
Data that has been shared with the Data Controller during the use of the Site are managed according to the provisions in this Policy and the of ct CXII of 2011 on the Right to Informational Self-determination and the Freedom of Information (“Privacy Act”), Act V of 2013 on the Civil Code (Civil Code), and Act XLVIII of 2008 on the Essential Conditions of and Certain Limitations to Business Advertising Activity (Business Advertising Act) as well.
This Policy contains information regarding the data kept and processed through the Site by the Data Controller.
In case of any question or clarification regarding the content or the application of the Policy contact us on the following contacts:
e-mail:
phone:
Personal contact:
Upon request we provide a detailed description about the data and the data management activities.
I. Processed data:
In order to fulfill online Purchase (Purchase) through the Website opreated by the Data Controller such as placing orders, changing orders, following delivery, invoicing, collecting payments and contacting Data Subjects. In the framework of the registration necessary for the purchase on the Website, the Data Subject allows purchases from the webshop by providing his/her family name, first name, e-mail address, password, telephone number („Data”)
II. Purpose limitation:
Main purpose of Data Management: fulfilling orders primarily made through the Site, dispatching items, handling warranty and legal claims, contacting Data Subjects, in which aspect data are managed by the Data Controller. The Data Subject should register in order to be able to excercise the right of purchasing/ordering (Ordering) through which Data Controller aquire the personal data of the Data Subject. Providing personal data in this sense is always voluntary from the Data Subject. Providing the Data is necessary to use the services of the Site, otherwise the services of the Site are not available. Providing Data therefore, is required for Ordering, fulfilling the order and handling claims. Upon registration the Data Subject consent that the Data are registered in the database of the Data Controller.
Data provided by the Data Subject are not complemeted or linked with data or information from any other source. The Company shall transmit personal data to any third party only if the Data Subject – being aware of the scope of data transmitted and the recipient of the data transmission – had given his/her unambiguous consent to the transmission, or if authorization to the data transmission is given by law. Data Controller is allowed to forward Data Subject data to those employees or thord party partners who are providing services in order to fulfill the Order within the EEC or the sepcific location of the Order. For dispatching Data Controller is using the services of DPD, who covers data required for delivery.
Data Controller is aware in this case as well to forward Data to those third party partners who are fulfilling the order or participating in fulfilling the order and managing the Data according the regulations. To meet obligations according to law Data from the Data Subject are forwarded to the invoicing program, technical data management for bookkeeping reasons is managed by Auditliget Kft.
The Company shall transmit personal data to any third party only if the Data Subject – being aware of the scope of data transmitted and the recipient of the data transmission – had given his/her unambiguous consent to the transmission, or if authorization to the data transmission is given by law.
Data Controller shall do all available actions for the protection of Data, takes all necessary technical and organizational actions to avoid unatuhorized access, alteration, forwarding, publication, deleting, destroying and unintentional destroying or damage of Data.
Data Controller only sends marketing messages or newsletter after the previous consent of the Data Subject and always provides opportunity to cancel these communication opportunities or unsubscribe.
After purpose of data management has been ceased or the storage period according to law expires or on the basis of the request of the Data Subject Data Contorller immediately deletes every data.
If the Data Subject’s registration is deleted every managed data is immediately deleted.
III. The legal basis of the data management
Registration: Registration is necessary for the purchase on the Website. Registration is voluntary if the Data Subject registers the legal basis for data management is the consent of the Data Subject according to the provisions of GDPR Section 6. 1) a).
Fulfilling orders: Upon order – with registration – confirmed through the Site a contract is entering into force between the Data Subject and the Data Controller. The necessary pesonal data required for fulfilling the order, keeping contact with the Data Subject for fulfilling the order or enforcing possible legal claims is managed according to the contract with the Data Subject entering into force according to the provisions of GDPR Section 6. 1) b).
Direct marketing and market research: Data managemet for the purpose of direct marketing or market research is only made upon the previous consent of the Data Subject. Legal basis od data management the provisions of GDPR Section 6. 1) a).
Data provided in course of communications of marketing purpose: In certain cases Data Subjects my receive marketing and information documents, the legal basis of the data management for sending such documents are the provisions of GDPR Section 6. 1) b) regarding the fulfillment of the Contract with the Data Subject. In certain cases communication is sent for obligatiory reasons (confirmation of orders). In this case the legal basis of the data management for sending such documents are the provisions of GDPR Section 6. 1) c).
Statistics, technical development, protection of Data Subject’s right: Data Controller manages the personal data of Data Subjects to provide quality service and for statistical reasons and for the protection of the right of the Data Subjects and technical developments. In this case the legal basis of the data management for sending such documents are the provisions of GDPR Section 6. 1) f). In this case the data management is necessary for the purposes of the legitimate interests pursued by the data controller above the interest of the rights of the Data Subject for the security of the Site and is a necessary and protportionate hindering of fundamental rights of the Data Subject.
Data management based on legal obligation or general interest: The personal data of the Data Subject may be managed if the data management is necessary for compliance with a legal obligation (such as tax regulations for the storage of invoices) to which the Data Controller is subject. In this case the legal basis of the data management for sending such documents are the provisions of GDPR Section 6. 1) c).
IV. Storage limitation
After purpose of data management has been ceased or the storage period according to law expires or on the basis of the request of the Data Subject Data Contorller immediately deletes every data. According tho certain laws it is obligatory to store specified data and dokuments that may contain personal data.
Data management begins with the registration process or placing an order. If the Data Subject’s registration is deleted every managed data is immediately deleted. All data is deleted immediatelly if the Data Subject revokes the data management consent unless the management of data is required based on other aim or jurisdiction. Upon deleting data data management is finished.
V. Cookies
The Site uses cookies. The cookie is an information package of letters and numbers sent by the Site tot he browser of the Data Subject in order to save certain settings, help using the Site and collect certain relevant data about the Data Subject to help fulfilling orders. The data so recorded cannot be linked with the other personal data. The management of the data serves statistical purposes exclusively.
Law background of cookies:
Background of Data Managemet is based on the provisions of Act CXII of 2011 on the Right to Informational Self-determination and Act CVIII of 2001 on certain aspects of electronic commerce services and information society services. Background of the Data Management is the personal and voluntary consent of the Data Subject.
VI. The rights of the Data Subject and vindication
Data Controller provides the following rights tot he Data Subject in compliance with the regulations of GDPR.
Right for getting information
The Data Subject may request information about the data management at any time and any means of data management. Information shall be given in written form – including electronically. Information and any action taken shall be free of charge. On the other hand if the request from the Data Subject is unsubstanttiated or especially because of repetition unreasonable the Data Controller shall charge a fee for providing the information reckoning the adminstrative expenses or shall deny the request. Data Controller can also provide verbal information if the identification of the Data Subject was successful in an other way. Data Controller shall give information without delay but within 30 days after receiving the request about the actions taken. This 30 day period can be extended with 60 days depending on the complexity and number of requests. If the request was received electronically the information shall be also given electronically unless the Data Subjest required it otherwise. Data Controller’s obligatory brief shall be published on the Site with the label Privacy Brief and shall be accessible easily by everybody.
Accessibility
Accessibility shall be provided to the Data Subject to any means of data management. The data subject shall have the right to obtain from the Company confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data.
Right for correction
Right for correction shall be provided to the Data Subject to any means of data management.
Upon the request of the data subject, the Data Controller shall, without undue delay, correct the personal data processed inaccurately concerning the data subject. The data subject has the right to request that the incomplete personal data be supplemented, inter alia, by means of a supplementary declaration.
Right for deleting (forgetting)
The right of cancellation (forgetting) does not apply automatically to the data subject in respect of the processing of data relating to each legal basis. The Data Controller shall delete the personal data of the data subject without undue delay if one of the following reasons exists:
· personal data are no longer required for the purpose for which they were collected or otherwise processed;
· the Data Subject withdraws the consent on which the data processing is based (in the case of consent-based data processing) and there is no other legal basis for the data processing;
· the Data Subject objects to the data processing and there is no priority legitimate reason for the data processing legal bases applied to the data processing (data processing based on a public authority license or based on a legitimate interest)
· personal data has been processed unlawfully;
· personal data must be deleted in order to comply with a legal obligation under EU or Member State law applicable to the Data Controller;
The Data Controller shall keep a record of the deletion in order to be able to verify that the deletion has taken place.
The Data Controller shall inform all persons to whom the personal data has been transferred of the obligation to delete.
For security reasons, a deletion request will only be valid if the user confirms the deletion request by e-mail to prevent anyone from intentionally or accidentally deleting something else from the registration database.
Right to restrict data processing
The data subject has the right to a restriction in respect of all grounds for data processing.
The Data Controller shall inform all persons to whom the personal data has been transferred of the obligation.
Objection
The data subject has the right to object in the case of data processing legal bases based on a public authority license or a legitimate interest. The Data Controller may not further process personal data in the event of a request by the data subject to protest, unless he or she demonstrates that the processing is justified by compelling legitimate reasons which take precedence over the data subject's interests, rights and freedoms or to bring legal proceedings. related to the protection of If the data subject objects to the processing of personal data for the purpose of direct business acquisition, the personal data may no longer be processed for that purpose.
Right to data portability
The right to data portability in the case of a legal basis for data processing based on consent or contract is granted to the data subject if the data processing is carried out in an automated manner. The Data Controller shall ensure that the data subject receives the personal data concerning him or her made available to the Data Controller in a structured, widely used machine-readable format and that the data subject transmits this data to another data controller.
VII. Complaint, redress
The affected Clients may address their complaints and objections directly to the Data Controller, at any of the specified contact details, who will do their utmost to eliminate and remedy any violations.
Pursuant to Article 7 (3) of the GDPR, the Customer, as a data subject, has the right to withdraw its consent to the processing of his / her Data at any time. Withdrawal of consent shall not affect the lawfulness of the data processing prior to withdrawal. You have the right to withdraw your consent as easily as you give it.
The Client's right to appeal to a court pursuent to Article § 22: of Infotv. In case of illegal data processing, a civil lawsuit may be initiated against the Data Controller. The court has jurisdiction to hear the case. The lawsuit may, at the option of the person concerned, be brought before the court of the place of residence (see the list and contact details of the courts at the following link: http://birosag.hu/torvenyszekek).
Without prejudice to other administrative or judicial remedies, any data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which he or she has his or her habitual residence, place of employment or suspected infringement, if the processing of personal data concerning him or her violates the GDPR.
The competent supervisory authority in Hungary:
Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Post box: 1530 Budapest, Pf.: 5
e-mail: ugyfelszolgalat@naih.hu
Phone +36 (1) 391-1400
fax.: +36 (1) 391-1410
website: www.naih.hu
