Pi Health Kft. 2120, Dunakeszi, Vadász u. 57. (13-09-157837 Budapest District Court, Commercial Court) and Jancsó Veronika Sole Proprietor Tax number: 58124936-1-43, hereinafter referred to as the "Service Provider", "Data Controller") hereby submit to the following information.
Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information states that the data subject (in this case the website/blog user, hereinafter referred to as the user) must be informed before the processing starts whether the processing is based on consent or whether it is mandatory.
The data subject must be informed clearly and in detail of all the facts relating to the processing of his or her data, in particular the purposes and legal basis of the processing, the identity of the controller and processor and the duration of the processing, before the processing starts.
The person concerned must be informed about the Info tv. Paragraph (1) of Article 5 that personal data may be processed if.
a. it is ordered by law or, on the basis of the authorisation granted by law, within the scope specified therein, in the case of data which are not special categories of data or personal data in the criminal field, by decree of a local authority for a purpose in the public interest,
b. is strictly necessary for the performance of the controller's tasks as defined by law and the data subject has given his or her explicit consent to the processing of the personal data,
(c) except as provided for in point (a), necessary and proportionate for the protection of the vital interests of the data subject or of another person or for the prevention or elimination of an imminent threat to the life, limb or property of a person; or
d. unless otherwise provided for in point (a), the personal data have been explicitly disclosed by the data subject and the disclosure is necessary and proportionate for the purpose of the processing.
The information should also cover the rights and remedies of the data subject in relation to the processing.
This privacy statement governs the processing of the following websites:
The amendments to the prospectus will enter into force when published at the above address. We have also included a legal reference behind each part of the prospectus.
(REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Article 4)
(Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, § 5)
(a) it is ordered by law or, on the basis of an authorisation granted by law and within the scope specified therein, by an ordinance of a local authority for a purpose in the public interest in the case of data which are not special categories of data or personal data relating to criminal matters,
(b) in the absence of point (a), it is strictly necessary for the performance of the controller's tasks laid down by law and the data subject has given his or her explicit consent to the processing of the personal data,
(c) except as provided for in point (a), necessary and proportionate for the protection of the vital interests of the data subject or of another person, or for the prevention or elimination of an imminent threat to the life, limb or property of a person; or
(d) in the absence of point (a), the personal data have been explicitly disclosed by the data subject and the disclosure is necessary and proportionate for the purpose of the processing.
(REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Article 6)
The processing of personal data is lawful only if and to the extent that at least one of the following conditions is met:
a) the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes;
(b) the processing is necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the data subject prior to entering into the contract;
(c) processing is necessary for compliance with a legal obligation to which the controller is subject;
(d) processing is necessary for the protection of the vital interests of the data subject or of another natural person;
(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where those interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
Point (f) of the first subparagraph shall not apply to the processing of data by public authorities in the exercise of their functions.
(REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Article 5)
(a) be processed lawfully and fairly and in a transparent manner for the data subject ("lawfulness, fairness and transparency");
(b) be collected only for specified, explicit and legitimate purposes and not processed in a way incompatible with those purposes; further processing for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes shall not be considered incompatible with the original purpose in accordance with Article 89(1) ('purpose limitation');
(c) be adequate, relevant and limited to what is necessary for the purposes for which the data are processed ("data minimisation");
(d) be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are inaccurate for the purposes of the processing are erased or rectified without undue delay ("accuracy");
(e) be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be kept for longer periods only if the personal data will be processed for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1), subject to the implementation of appropriate technical and organisational measures as provided for in this Regulation to safeguard the rights and freedoms of data subjects ('limited storage');
(f) be carried out in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage ("integrity and confidentiality"), by implementing appropriate technical or organisational measures.
(a) the fact of collection, (b) the data subjects, (c) the purpose of the collection, (d) the duration of the processing, (e) the identity of the potential controllers who are entitled to access the data, (f) the rights of the data subjects with regard to the processing.
Website:
At the blog:
Email:
Name (First name and/or surname, company name):
Phone number:
The accounting documents (including general ledger accounts, analytical or detailed records) directly and indirectly supporting the accounting accounts must be kept for at least 8 years in a legible form, retrievable by reference to the accounting records.
The service provider may process personal data that are technically necessary for the provision of the service. The provider must, other conditions being equal, choose and in any case operate the means used in the provision of the information society service in such a way that personal data are processed only to the extent strictly necessary for the provision of the service and for the fulfilment of the other purposes laid down in this Act, but only to the extent and for the duration necessary.
Company name: DEVBOX Kft.
Registered office: 7054 Tengelic, Rákóczi Ferenc u. 9.
Company registration number: 17-09-010568
Tax number: 25170605-2-17
Registering authority: the Company Court of Szekszárd General Court
Details of the website hosting provider:
Company name: DEVBOX Kft.
Registered office: 7054 Tengelic, Rákóczi Ferenc u. 9.
Company registration number: 17-09-010568
Tax number: 25170605-2-17
Registering authority: the Company Court of Szekszárd General Court
(REGULATION (EU) 2016/679/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation))
The processing of personal data must be lawful and fair. It should be transparent to natural persons how their personal data relating to them are collected, used, accessed or otherwise processed, and in what context the personal data are or will be processed.
The principle of transparency requires that information and communications relating to the processing of personal data are easily accessible and comprehensible, and that they are drafted in clear and plain language. This principle applies in particular to the information provided to data subjects on the identity of the controller and the purposes of the processing, as well as to further information to ensure fair and transparent processing of their personal data, and to the information that data subjects have the right to obtain confirmation and information about the data processed concerning them.
The natural person should be informed of the risks, rules, safeguards and rights associated with the processing of personal data and how to exercise the rights that they have in relation to the processing. In particular, the specific purposes of the personal data processing must be explicitly stated and lawful and must be specified at the time of the collection of the personal data.
Personal data must be adequate, relevant and limited to the minimum necessary for the purpose for which they are processed. In particular, this requires ensuring that the storage of personal data is limited to the shortest possible period. Personal data should be processed only if the purpose of the processing cannot be achieved by any other reasonable means.
In order to ensure that the storage of personal data is limited to the necessary period, the controller will set time limits for erasure or periodic review. All reasonable steps shall be taken to correct or delete inaccurate personal data. Personal data shall be processed in a manner which ensures an adequate level of security and confidentiality, inter alia, in order to prevent unauthorised access to or use of personal data and the means used to process personal data.
In order for the processing of personal data to be lawful, it must be based on the data subject's consent or have another lawful basis laid down by law, whether in this Regulation or in other Union or Member State law as referred to in this Regulation, including the need to comply with legal obligations to which the controller is subject, the performance of any contract entered into by the data subject or the steps requested by the data subject to be taken prior to the conclusion of the contract.
Data transmission
Pursuant to Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, the following should be defined in the scope of the website's data transfer activities:
a) the fact of data collection,
b) the persons concerned,
(c) the purpose of the data collection,
(d) the duration of the processing,
(e) the identity of the potential controllers who have access to the data,
(f) a description of the rights of data subjects with regard to data processing.
The fact of processing, the scope of the data processed.
a) The scope of the data transmitted for the purpose of the delivery: delivery name, delivery address, telephone number, amount to be paid.
b) The data transmitted for the purpose of online payment: billing name, billing address, amount to be paid.
Stakeholders: all stakeholders requesting home delivery/online shopping.
Purpose of data processing: delivery of the ordered product/processing of the online purchase.
Duration of data processing, deadline for deletion of data: until the delivery/online payment is completed.
Potential controllers of the data: the personal data may be processed, subject to the principles set out above, by the following: the Service Provider, the Data Controller.
Description of the data subject's rights in relation to data processing: the data subject may request the data controller of the door-to-door delivery/online payment service provider to erase his/her personal data as soon as possible.
Legal basis for the transfer: the User's consent.
Data transferred to an external company
External online invoice
Name: szamlazz.hu
Data provided:
tax number
e-mail address
(company) name
address (country, city, street, number, floor, door)
Google
Google Adwords: I use it as an advertiser. The website/blog uses Google Adwords remarketing tracking codes. Remarketing is a feature that allows the website/blog to display relevant ads to users who have previously visited the site while browsing other sites in the Google Display Network. The remarketing code uses cookies to tag visitors. Users visiting the website can disable these cookies and find out more about Google's privacy practices by visiting the following links:
http://www.google.hu/policies/technologies/ads/
https://support.google.com/analytics/answer/2700409
If users disable remarketing cookies, they will not receive personalised offers on the website/blog.
Google Analytics: website/blog traffic data is measured by the Service Provider using the Google Analytics service. Data is transmitted when using this service. The data transmitted cannot be used to identify the data subject. For more information on Google's privacy policy, please visit: http://www.google.hu/policies/privacy/ads/.
Google remarketing user
The aim of remarketing:
Reminder for website remarketing
Reminder blog remarketing
Facebook
For advertising purposes
The aim of remarketing:
website reminder remarketing
blog reminder remarketing
Newsletter
I use an external mailer
My external service provider:
mailchimp.com
mailchimp.com/legal
Send newsletter
(Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activity, § 6)
(1) Unless otherwise provided by a special law, advertising may be communicated by means of direct solicitation of natural persons as the addressee of the advertising (hereinafter referred to as "direct marketing"), in particular by electronic mail or by other equivalent means of individual communication, with the exception of the provisions of paragraph (4), only if the addressee of the advertising has given his or her prior, clear and express consent.
(2) A statement of consent may be given by any means which includes the name of the person giving the consent and, where the advertising to which the consent relates is restricted to persons of a certain age, the date and place of birth, the categories of personal data to which the person giving the consent consents, and the expression of consent voluntarily and after having been duly informed.
(3) A declaration of consent pursuant to paragraph (1) may be withdrawn at any time, without restriction and without giving any reason, and free of charge. In such a case, the name and all other personal data of the declarant shall be deleted without delay from the register provided for in paragraph 5 and no further advertising as referred to in paragraph 1 may be communicated to him or her.
(4) Addressed direct mail may be sent to a natural person as the recipient of the advertisement for direct marketing purposes without the prior and express consent of the recipient, but the advertiser and the advertising service provider shall ensure that the recipient of the advertisement may at any time prohibit the sending of the advertisement free of charge and without restriction. In the event of such a prohibition, no further direct marketing of advertising may be sent to the person concerned.
(5) The advertiser, the advertising service provider or the publisher of the advertisement shall keep a record of the personal data of the persons who have given their consent within the scope of the consent specified in paragraph (1). The data recorded in this register relating to the recipient of the advertising may be processed only in accordance with the consent given in the consent form, until it is withdrawn, and may be disclosed to third parties only with the prior consent of the person concerned.
(6) The possibility to make a withdrawal declaration pursuant to paragraph (3) or to prohibit the sending of advertising pursuant to paragraph (4) shall be provided both by post and by electronic mail in such a way that the person making the declaration can be clearly identified.
(7) In connection with the advertising communicated in the manner specified in paragraph (1) or (4), the addressee shall be clearly and conspicuously informed of the address and other contact details where he may notify his wish to withdraw his consent to the communication of such advertising to him or to prohibit the sending of such advertising and, in the case referred to in paragraph (4), for this purpose, to the same addressee in the interest of the same advertiser in 2009. The first advertising mailing sent to the same advertiser after 1 October 2009 for the same advertiser for the same purpose shall include a reply letter allowing the cancellation, addressed by post, sent free of charge and registered post and delivered by certified mail.
(8) A direct request for consent pursuant to paragraph (1) shall not contain advertising, excluding the name and designation of the undertaking.
(9) For the purposes of this §, "direct mail" means a postal item containing only advertising, solicitation or promotional material - sent to at least 500 addressees at a time, with the same content, except for the name, address of the addressee and data that do not change the nature of the message - as defined in the Postal Services Act, but not separately specified therein.
Management of cookies, cookies
(REGULATION (EU) 2016/679/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation))
By using the website/webshop, the person acknowledges the following:
Natural persons can be associated with online identifiers provided by the devices, applications, tools and protocols they use, such as IP addresses and cookie identifiers, as well as other identifiers, such as radio frequency identification tags. This can generate traces that, when combined with unique identifiers and other information received by servers, can be used to create a personal profile of an individual and identify that individual.
Remedies
(REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Article 79)
(1) Without prejudice to the administrative or non-judicial remedies available, including the right to lodge a complaint with a supervisory authority pursuant to Article 77, any data subject shall have an effective judicial remedy if he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data not in accordance with this Regulation.
(2) Proceedings against a controller or processor shall be brought before the courts of the Member State in which the controller or processor is established. Such proceedings may also be brought in the courts of the Member State in which the data subject has his or her habitual residence, unless the controller or processor is a public authority of a Member State acting in its exercise of official authority.
In case of a possible infringement, you can lodge a complaint with the National Authority for Data Protection and Freedom of Information:
National Authority for Data Protection and Freedom of Information
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, P.O. Box 5.
Phone: +36-1-391-1400
Fax: +36-1-391-1410
E-mail: [email protected]
The right to compensation
(REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Article 82)
(1) Any person who has suffered pecuniary or non-pecuniary damage as a result of an infringement of this Regulation shall be entitled to receive compensation from the controller or processor for the damage suffered.
(2) Each controller involved in the processing shall be liable for any damage caused by processing in breach of this Regulation. A processor shall be liable for damage caused by processing only if it has failed to comply with the obligations expressly imposed on processors by this Regulation or if it has disregarded or acted contrary to lawful instructions from a controller.
(3) The controller or processor shall be exempted from liability under paragraph 2 of this Article if he proves that he is not in any way responsible for the event giving rise to the damage.
(4) Where more than one controller or more than one processor, or both controller and processor, are involved in the same processing and are liable for the damage caused by the processing pursuant to paragraphs (2) and (3), each controller or processor shall be jointly and severally liable for the entire damage in order to ensure that the data subject is effectively compensated.
(5) Where a controller or processor has paid full compensation for the damage suffered in accordance with paragraph (4), it shall be entitled to recover from the other controllers or processors involved in the same processing that part of the compensation corresponding to the extent of their liability for the damage under the conditions laid down in paragraph (2).
(6) Legal proceedings for the enforcement of the right to compensation shall be brought before the court having jurisdiction under the law of the Member State referred to in Article 79(2).
References
The following legislation has been taken into account in the preparation of this leaflet:
Act CXII of 2007 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: Infotv.)
Act CVIII of 2007 - on certain aspects of electronic commerce services and information society services (in particular § 13/A)
Act XLVII of 2007 - on the prohibition of unfair business-to-consumer commercial practices
Act XLVIII of 2007 - on the basic conditions and certain restrictions on economic advertising (in particular § 6)
Act XC of 2007 on the freedom of electronic information
Act C of 2006 on electronic communications (specifically § 155)
Opinion No 16/2011 on the EASA/IAB Recommendation on best practice on behavioural online advertising
REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation)
English
