The Simonfay Wine Mansion Webshop Privacy Notice
(hereinafter referred to as “information” or “Privacy Notice”)
1. Basic provisions
2018 July 26 The European 2016/679 Union’s new Data Protection Regulation (GDPR), hereinafter referred to as “the regulation” or “GDPR”, was also directly applicable from the date of 2011 on freedom of information. CXII. Law (Law of Info). The company hosting the website (Simonfay Agricultural, producer Limited Company, registered office: 1061 Budapest, Andrássy út 36., Cg. 01-09-731681) is a controller within the meaning of the regulation, i.e. the regulation is a person shall also apply in respect of data.
To determine the privacy and data protection provisions, the principles of the company’s privacy and data management policy.
1.3 Applicable law
- As stated above, 2011 on information self-determination and freedom of information. CXII. Law (“Infotv.”),
- 2013 on the Civil Code. Act V of the Year (“Civil Code”),
- And 2008 on the basic conditions and limits of economic advertising. XLVIII. Law (“Grtv.”).
1.4 Scope of the prospectus
The scope of the prospectus includes only explicit and explicit information on the services and data processing that are available to promotions, contests, and services of third parties that advertise or otherwise display on the website. , other campaigns, and the content they publish.
The information is not covered by the links or content of the company’s website.
1.5. Amendment of the prospectus
The prospectus may be amended on the basis of the company’s unilateral decision, in accordance with the provisions of all applicable legislation. Users accept the GTC as well as the user terms and this notice without any further activity by registering and entering the website.
2. Terms and Meanings
The meanings of the terms in the prospectus, taking into account the relevant legal concepts, are as follows.
2.1. Processing Any operation or set of operations performed on personal data or data files by automated or non-automated means, such as collection, recording, organizing, outage, storage, adaptation or alteration, retrieval, consultation, Use, disclosure by transmission, dissemination or otherwise making available, alignment or interconnection, restriction, erasure or destruction.
2.2. Controller: The natural or legal person, public authority, agency or any other body that determines the purposes and means of the processing of personal data alone or jointly with others.
2.3. Personal data or data: Any information relating to an identified or identifiable natural person (‘ data subject ‘); The natural person who is directly or indirectly identifiable, in particular by an identifier such as a name, number, location data, online identification or a natural person’s physical, physiological, genetic, intellectual, economic, cultural, Identified by one or more factors relating to the identity of the relevant or social.
2.4. Processing: The natural or legal person, public authority, agency or service provider who manages personal data on behalf of the data controller.
2.5. Concerned: The natural person who makes personal data or whose personal data is made available to the company.
2.6. External service provider: Third party service partners, whether directly or indirectly, by the data controller or the operator of the website in connection with the provision of certain services, to which the personal Transferred or transferred to the company. In addition, providers of services that are not in collaboration with the company or in conjunction with service operators are also considered to be third-party suppliers, but by accessing the website, data subjects may be collected, may be used independently or in conjunction with other data to identify the data subject. During the provision of hosting services, the company will also consider the data subject as an external provider for the processing activity of the repository it uses.
2.7. Information: The company’s present data processing information.
3. Identity and activity of the controller
Name: Simonfay Agricultural, producer limited liability company
Head Office: 1061 Budapest, Andrássy út 36.
Registration Number: 01-09-731681, registered by the Budapest Court of Business Court
Phone: + 36 30 414 2541
Data Protection officer: The Info. Under the law of a data protection officer to designate the company is not obliged.
Data Protection officer’s position: –
The data controller is a business association incorporated in Hungary.
The Data Manager operates the website, which is created for the sale of the company’s products, has a commercial relationship with suppliers and buyers, and may also operate other units.
4. Basic principles of data processing according to the applicable legislation
4.1 Legality, fairness
The data shall be processed lawfully and fairly and in a transparent manner to the person concerned. The company handles only the data specified by law or provided by data subjects or their employer/sponsor/customers for the purposes set out below. The personal data processed is always proportionate to the purpose of the processing and may not be overspread.
The data shall be necessary and relevant for the purposes of the processing and shall be accurate and, where necessary, kept up to date.
4.3 Purpose limitation
In all cases where the company intends to use the personal data for purposes other than the purpose of the original recording, it shall inform the person concerned and obtain the prior express consent or opportunity to do so; To prohibit use.
The personal data provided to the company is not verified. Only the person who provided the personal data is responsible for the compliance.
4.5 Limited Storage
It must be stored in a form that permits the identification of data subjects only for the time necessary to achieve the purposes for which the personal data are processed.
4.6. 16. The data protection of persons not in
The 16th Personal data of a person who is not a member of the age of the child shall be treated only if the consent of the adult who has been supervised. The company is not in a position to verify the eligibility of the contributor or the content of its statement so that the person concerned or his/her parental authority guarantees that the consent is in accordance with the law. In the absence of a contributing statement, the company is 16. Personal data relating to a person who has not been charged.
4.7 The company does not disclose the personal data it manages to any third party other than the data processors and external service providers specified in the prospectus.
The processing of data shall be carried out in such a way as to ensure that personal data are adequately secured by appropriate technical and/or organizational measures.
An exception to the provision in this section is the use of data in a statistically aggregated form, which may not contain any other information capable of identifying the affected person.
In certain cases, the company may, as a result of a formal judicial, police request, legal process, copyright, property or other infringement, or a reasonable suspicion thereof, prejudice the interests of the company, endangering the provision of services, etc. – Make available to third parties accessible personal data for the data subject.
4.8 The company may rectification, restriction or limitation of the personal data it manages. The data subject and notify the person who has previously transmitted the personal information for the purposes of the processing. The notification may be omitted if it does not prejudice the legitimate interest of the data subject in view of the purposes of the processing.
4.9 According to the regulation, the company is not obliged to designate a data protection officer, because the company does not constitute a public authority or body with a public mission, the company’s activities do not involve any operation Require systematic and systematic, high-level surveillance of the company and no personal data relating to decisions and offenses relating to the determination of criminal liability or to the society.
5. Legal basis for processing
5.1 the Info. and the 6th GDPR. Where data subjects ‘ personal data may be handled:
(a) The data subject has given consent to the processing of his or her personal data for one or more specific purposes;
(b) The processing is necessary for the performance of a contract in which the data subject is a party or is required to take steps at the request of the data subject prior to the conclusion of the contract;
(c) The processing is necessary for the fulfillment of a legal obligation to which the controller is subject;
(d) The processing is necessary for the protection of vital interests of the data subject or of another natural person;
(e) The processing is necessary for the execution of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
(f) processing is necessary for the legitimate interests of the controller or of a third party unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which make the protection of personal data Particular if the child concerned.
5.2. Subject to the nature of the company’s activities, the legal basis of the processing is primarily the voluntary, duly informed explicit consent of the data subject (Infotv.) 5. § (1) (a)), in the preparation of, or after the establishment of, any contractual obligation between the company and the person concerned or his/her employer/sponsor, point 5.1 (b) above and Point 5.1. C of the regulation. For areas monitored by the camera, point 5.1. D of the regulation above. In the course of performing a task for the person concerned, whether for his/her employer/sponsor, he or she will contact the company or voluntarily register or voluntarily use the service of the company. In the absence of a data subject’s consent, the company only manages data if it is expressly authorized by law.
5.3 where data management is based on consent, the controller must be able to demonstrate that he has consented to the processing of the data subject’s personal information.
5.4 The data subject shall have the right to withdraw his consent at any time in respect of the processing for which the regulation is subject to paragraph 5.1 (a) above. The withdrawal of consent shall be without prejudice to the lawfulness of processing based on consent and prior to revocation, as well as under Points 5.1 (b) and/or C) and/or 5.1 (d) of the regulation.
5.5 The transfer of data to processors specified in the prospectus may be carried out without the specific consent of the data subject. The issue of personal data to a third party or to the public authorities, unless otherwise specified by law, is only possible on the basis of a final official decision or, in the case of explicit consent of the data subject.
5.6 Surveillance cameras operated by the company in premises open for customer turnover and in storerooms may be operated for property protection purposes. This is based on article 6 of the Regulation. (1) (d) of this article.
5.7 The data controller shall be the USER’s IP address in connection with the provision of the service by the user upon entry into each website, in the light of the data controller’s legitimate interest and for the lawful provision of the service (e.g. unlawful Use, or To prevent illegal content), without the user’s explicit consent.
5.8 In the event of any user’s e-mail address as well as information provided during registration (e.g. user name, ID, password, etc.), it is responsible for taking responsibility for the specified e-mail address or Use of the information provided by him. In view of this responsibility, any liability associated with access to a given e-mail address and/or data shall be borne solely by the user who registered the email address and provided the information.
6. Purpose of data processing
The data shall be processed lawfully and fairly and in a transparent manner to the person concerned. The company endeavors to handle only personal data that is indispensable for the purpose of the processing and is capable of achieving the objective. Personal data can only be handled to the extent and for the time necessary to achieve the goal. The purpose of the processing is primarily to ensure the operation of the website and the provision of the data controller’s services, its commercial and contractual relationships.
Purpose of the processing based on the above:
- Identification of the data subject, communication with the
- The preparation of the contract for the purchase of the website, the performance of contractual obligations by the Controller and the enforcement of its rights;
- Provide the data subject with concise, transparent, understandable and easily accessible information
- The existence and fulfillment of legal transactions between the company and the data subject in the company’s activities
- Payment of the toll service, the collection of the fee, the billing
- The performance of the obligations of the Controller, the exercise of the rights of the data controller
- Analysis, production of statistics, development of services for this purpose the controller will use only anonymized data, non-personally identifiable aggregations
- For the specific consent of the data subject, advertising, research
- The protection of the rights of the data subject, paying particular attention to the fact that, under the provisions of the legislation currently in force, Hungary may not be sold alcoholic beverages under 18.
7. Place of origin of the data
The company processes only the personal data provided by persons using the data subjects or the Data subjects ‘ service (work) to prepare/fulfill the transaction and does not collect data from other sources.
The data is entered during the registration of the affected person. The data subject will provide the name, email address, password, and age of the registration, and declare that he or she has completed the procedure in Title 18. Years old.
If the data subject registers and enters his/her information in a promotion organized by the data manager, he agrees to the processing of his or her personal data. In this case, the data manager only manages the information provided during the promotion.
If the company organizes a prize game, the consent of the data subject is required to participate in it separately.
8. Type of data processed
In accordance with the relevant legislation, the Company shall only comply with the provisions of paragraph 8. Personal data provided under point (a). The data processed are as follows:
Company-managed data may have the following purposes:
- Registration data: In the context of the registration required for the purchase on the website, the name, first name, e-mail address, password, telephone number and, if applicable, the number of the club membership, It also allows you to purchase from the web shop by entering your age/answering a question.
- Information provided during marketing Enquiries: In the course of A marketing request made by the company, the data subject shall provide his name, e-mail address, telephone number, and address. The legal basis of data processing is the consent of the data subject, the primary purpose of the processing is to communicate with marketing, information, newsletter or 2008. XLVIII. Tv. Send a direct request under paragraph 6 (1).
- Supplier Information: The company is involved in business cooperation with its suppliers and, in the case of data processing, the person concerned or his/her employer/sponsor/customer gives the relevant name, e-mail address, and telephone number. The legal basis for processing is the fulfillment of contracts and the fulfillment of legal obligations.
- Data provided in the course of public research: the company’s public opinion will be used to manage, record and use the information provided by the data subject in future surveys. For the management of such data, the company is the 9th GDPR. Pursuant to point (e) of paragraph 2 of this article.
- Billing information. In the event that the relevant consideration is made to the company, the company and the accountable shall manage payment and invoicing data in accordance with the rules applicable to it (method of payment, details of the device used to pay, invoicing The customer’s name, address, VAT number). The legal basis of the processing is partly the consent of the data subject, and partly compliance with the provisions on taxation and accounting legislation. The purpose of the processing is the billing and collection of fees.
- Data provided during authentication, documents. The persons concerned shall have the possibility, in the cases specified by the company, that they have the obligation to authenticate themselves, subject to the conditions set out in Annex 11 below. In this section. Processing of documents in the 11. In this section. The purpose of the processing is to control the person concerned.
In addition to the above, the company manages the technical data, including the IP address, in article 13. Described in this section.
9. Process of data processing
The source of the data is the person concerned or an entity with an employment/assignment/business relationship, who (i) in the course of any registration and/or (ii) During the preparation, establishment or performance of the legal transaction and/or (iii) The newsletter or 2008. XLVIII. Tv. When making a statement of direct contact pursuant to § 6 (1) of this article. The information in the registration form is mandatory unless explicitly stated otherwise.
The data subject provides the information independently, and the company does not provide any mandatory guidelines and does not raise any content expectations. The data subject expressly consents to the processing of the information provided. The data subject is entitled to provide other information in his profile in addition to the data requested by the company, the legal basis for the processing of the information, in this case, is the voluntary consent of the concerned.
If the data subject registers a promotion organized by the company (e.g. on Facebook) and provides the information requested, he/she shall accept the privacy notice associated with that promotion. In this case, by entering the information, the data subject does not register on the site but agrees to manage the information provided in the promotion information.
10. Processing of documents
If necessary for the purpose of verifying the customer’s identity, the data subject has the possibility to provide the company with personal information. This may also be an obligation in the narrow scope laid down by law.
Except as required by the company, the data subject has the option of publishing the documents with the deletion of personal information. If the data subject does not delete the information, the disclosure will contribute to the disclosure of the data.
If the company does not require the disclosure of documents with personal data and provides the possibility to delete the data, the company will not be liable for any disclosures.
The purpose of the authentication process is to enable the company to ascertain the authenticity of the person concerned. The company verifies that the indicated contract intent is a truly natural person. After the verification, the company will delete the photos and data from the site, but they will be stored in other storage until the legal basis of the processing has ceased. The purpose of the processing is to authenticate the data subjects and to facilitate the lawful fulfillment of the legal transaction after its creation.
12. Newsletters, Commercials
The data subject may contribute to the company contacting and sending a newsletter or advertisement using the method of direct inquiry. The advertisement can be sent by post, by telephone (including SMS) or by e-mail (including Facebook Messenger), but the data subject should always contribute to this. The data subject may withdraw his consent at any time, without justification, in writing.
Cookies are the variable-content alphanumeric information sent by the Web server and stored on the user’s computer for a predefined period of validity.
The company system can automatically record the IP address of the affected computer, the start time of the visit, and, in some cases, the type of browser and operating system depending on the setting of the computer. The data recorded in this way cannot be linked to other personal data. Data management is for statistical purposes only. Cookies allow the site to recognize, identify, and record past visitors. Cookies Help the company, as the website operator, to optimize the website in order to tailor the services of the site to the custom of the data subjects. Cookies are also suitable for
- The settings so that they do not have to be re-recorded by the data subject when entering a new page,
- Remember the previously entered data, so they do not need to be re-typed,
- Analyze the use of the website in order to ensure that, as a result of improvements made using the information thus obtained, the data subject’s expectations will be easily Information and
- We monitor the effectiveness of our advertisements.
If the company uses external Web services to display various content on the website, it may result in the storage of some cookies that are not supervised by the company and therefore have no control over the use of these websites or external Which data are collected by the domain. These cookies are provided by the policies for that service.
14. Data transmission
The company transmits personal data to a third party only if the data subject has clearly consented to it, in the light of the information transmitted and the recipient of the data transmission, or is authorized by law or the Company performs statutory obligations (e.g. keeping records, accounting).
The Company shall be entitled and obliged to transmit to the competent authorities all personal data which are at its disposal and which it has been duly stored, which obliges him to transmit personal data to him by law or by a final authority. Due to such transfers and the resulting consequences, the company cannot be held responsible.
In all cases, the company documents the transfers and maintains a record of the transfers.
15. Data Processing
The company shall use a processor authorized to perform its activities. Processors do not make an autonomous decision, they are entitled to act only in accordance with the contract concluded with the company and the instructions received, as well as with the strict provisions of applicable law. The company verifies the work of the data processors. Processors shall be entitled to use an additional data processor only with the company’s consent. The company may only use processors who provide appropriate safeguards for the compliance of the processing and the implementation of appropriate technical and organizational measures to ensure the protection of the rights of the data subjects.
The processor shall not be able to use any additional processor without prior written or general authorization by the company. In the case of a general written authorization, the processor shall inform the Company of any intended change concerning the use of or the exchange of additional processors, thereby providing the company with an opportunity to To oppose these changes.
The company shall designate the processors used in the prospectus.
Data processors used by the company:
- Hosting and domain provider: one.com – Kalvebod Brygge 24 DK-1560 Copenhagen Denmark
- Website Author: ReeSite Design v. Jozsef Kontra entrepreneur 2440 Százhalombatta, László Tóth u. 5. Hungary
- Raiffeisen Bank
- Newsletter sending system for this website: MailChimp, Data Processor name: The Rocket Science Group LLC/MailChimp, Address: 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USA, processing purpose: Newsletter sending
- Legal partner: Simonfay law Firm (1061 Budapest, Andrássy út 36.)
- Accountant: Multiservice Consulting Ltd. (1061 Budapest, Andrássy út 36.)
16. External Service Providers
The company takes advantage of third-party service providers that cooperate with third party service providers.
The company informs data subjects about the transmission of information to external service providers in the context of this information.
External Service Providers:
- Magyar Posta Zrt. (1191 Budapest, Üllői út 114-116.)
- Facebook, Data processor name: Facebook INC., Address: 1601 WILLOW ROAD MENLO PARK, CA 94025, data processing purpose: Marketing
- Instagram, Data Processor name: Facebook Ireland Ltd., Address: 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland, data processing purpose: Marketing
- YouTube, Data Processor name: Google LLC., Address: Mountain View, California, United States, data processing purpose: Marketing
- Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States), data processing purposes: marketing, advertising
- Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-7329, USA), Data processing purpose: marketing, advertising
- The contracted courier companies, the purpose of the processing: delivery.
17. Data Security related tasks
The Company shall ensure the security of the data, take the technical and organizational measures and establish the procedural rules necessary to enforce the applicable laws, data and confidentiality rules. The Company shall use appropriate measures to protect the data against unauthorized access, alteration, transmission, disclosure, erasure or destruction, as well as accidental destruction and damage, and the technique used Inaccessible.
The company and the processor are the state of the Art of science and technology and the costs of implementation, as well as the nature, scope, context and purposes of the processing and the varying likelihood and severity of the rights and freedoms of natural persons, Taking into account the risk of seriousness, appropriate technical and organizational measures are implemented to ensure a level of data security appropriate to the degree of risk.
The company, in the context of the above:
- Ensure protection against unauthorized access, including the protection of software and hardware devices, and physical protection (Access Protection, network protection);
- Take measures to ensure the recovery of data files, regular backups;
- Take action on virus protection.
18. Duration of data processing
The company will delete personal data in accordance with applicable law,
- a) If it is found that the data are processed illegally, the company shall implement the cancellation without delay.
- b) Where requested by the concerned (except for statutory data treatments).
The deletion of data processed on the basis of the relevant voluntary consent may be requested by the concerned. In this case, the company will delete the data. Deletion may be refused only if the processing of the data is authorized by law. In all cases, the company will provide information on the refusal of a declaration of invalidity and the law permitting the processing.
c) If it becomes known that the data is incomplete or incorrect, and this condition cannot be remedied lawfully, provided that the deletion is not ruled out by law.
d) If the purpose of the processing has ceased or the time limit for storing the data laid down by law has expired;
Deletion may be refused (i) where the processing of personal data is authorized by law; And (ii) necessary for legal protection, enforcement.
- (e) The court or the national data Protection and Information Authority has ordered
If a court or the national data protection and information Law orders the deletion of the data legally, the erasure will be executed by the data controller.
Instead of erasure, the company will, in addition to informing the data subject, block the personal data if the data subject so requests or if, on the basis of the information available to it, it is assumed that the deletion would violate the legitimate interests of the data subject. The personal data that is locked in this way can only be handled as long as there is a processing purpose that has excluded the deletion of the personal data. The company shall indicate the personal data it manages if the person concerned disputes the correctness or accuracy of the data subject, but the incorrect or inaccurately of the disputed personal information cannot be ascertained.
In the case of statutory data processing, the deletion of data is governed by the provisions of the law.
In the event of deletion, the company makes the data unsuitable for identification. If required by law, the company will destroy the media containing personal data.
In all cases, the company informs the data subject of any refusal to grant a declaration of invalidity, stating the reasons for refusing the deletion. Once a request for the deletion of personal data has been made, the previous (deleted) data can no longer be recovered.
Newsletters sent by the company can be described via the unsubscribe link in the newsletter. In the event of an unsubscribe, the company will delete the personal data of the data subject in the newsletter database.
19. Data subjects ' rights in relation to processing
19.1 The company informs the person concerned about the processing of the data at the same time as the contact. The data subject is also entitled to request information about the processing at any time.
The data subject shall have the right to receive from the company feedback as to whether the processing of personal data is ongoing and, where such processing is ongoing, shall have the right to obtain access to personal data and information The purpose of the processing, the categories of personal data concerned, the categories of recipients or recipients to whom the personal data have been communicated or will be communicated, the intended period of storage of the personal data, or If this is not possible, the criteria for determining that period. The data subject has the right to request from the controller rectification, erasure or restriction of processing of personal data relating to him and to object to the processing of such personal data. They shall also have the right to lodge a complaint with a supervisory authority or, where the data are not collected from the concerned, any available information concerning their source.
19.2 The data subject shall have the right to request the controller to correct inaccurate personal data concerning him without undue delay. Taking into account the purpose of the processing, the data subject is entitled to request the addition of incomplete personal data, including by means of a supplementary statement.
19.3 The data subject may request the company to delete the personal data relating to him without undue delay, except as provided for in the legislation. The company informs the person concerned about the cancellation.
19.4 The data subject may object to the processing of his or her personal data as specified in the Infotv.
19.5 The request for information, rectification or erasure may be submitted in writing to the company’s registered office, by mail to its premises or by e-mail to firstname.lastname@example.org
19.6 The data subject may request that the processing of his/her personal data be limited by the company if the data subject disputes the accuracy of the processed personal information. In this case, the restriction will apply for the period of time that allows the company to verify the accuracy of the personal data. The company shall indicate the personal data it manages if the person concerned disputes the correctness or accuracy of the data subject, but the incorrect or inaccurate information of the disputed personal particulars cannot be clearly identified.
The data subject may request that the processing of his or her personal data be restricted by the company even if data management is unlawful, but the data subject opposes the erasure of the processed personal data and requests the restriction of their use instead.
The data subject may also request the company’s restriction of the processing of his or her personal data if the purpose of the processing is achieved, but the data subject requires the company’s management of any legal claims to be made, enforced or protected.
19.7 The data subject shall have the right to receive the personal data concerning him or her which he has made available to a controller in a structured, commonly used and machine-readable format, and shall have the right to a Data controller, without impeding it from the data processor to which it has provided the personal data.
19.8 In the event that the company does not comply with any request for rectification, blocking or cancellation of the data subject, the reasons for rejecting the request for rectification, blocking or erasure shall be communicated in writing within 30 days of receipt of the request. In the event of rejection of the request for rectification, erasure or blocking, the controller shall inform the data subject of the possibility of recourse to the judicial remedy and to the national Authority for data protection and freedom of information.
19.9 The data subject may submit the above declarations relating to the exercise of his rights to the controller in paragraph 2. is available at.
19.10 You may apply directly to the national data Protection and Information Authority (address: 1125 Budapest, Szilágyi Erzsebet Fasor 22/C.; Phone: + 36-1-391-1400; e-mail: email@example.com; Website: www.naih.hu). In the event of a breach of the data subject’s rights, Infotv. 22. § (1) to the court. The court has jurisdiction to adjudicate the litigation. The trial may be brought before the Tribunal of the place of residence or residence of the person concerned, according to the choice of the data subject. The data controller shall, upon request, provide detailed information on the possibility and means of redress.