Privacy Policy

Effective as of: June 29, 2023

Data Controller and Data Processor

Name: HGreen Web Kft.

Headquarters: 9029 GyƑr, SĂĄrĂĄsi Ășt 1/D/4.

Mailing Address, Complaints Management: 9029 GyƑr, SĂĄrĂĄsi Ășt 1/D/4.

Email: inf@vitalgaeshop.com

Website: https://vitalgaeshop.com/

Purpose of the website: Operation of the online store, sale of products, education

Definitions

"Personal data": any information relating to an identified or identifiable natural person ("data subject"); a natural person is identifiable who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

"processing": any operation or set of operations performed on personal data or on a set of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;

"Restriction of processing": the marking of stored personal data with the aim of limiting its future processing;

"controller": a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

"Processor": a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller;

"Third party": a natural or legal person, public authority, agency, or other body other than the data subject, the controller, the processor, or the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data;

"Consent of the data subject": a freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

"Data breach": a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to personal data transmitted, stored, or otherwise processed.

The main laws on which data processing is based:

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: Regulation).

Description of data processing during the operation of the online store and the website

Data collection during the operation of the online store and the website

The data controller collects the following data from users during the operation of the online store and the website:

User data: Name, email address, billing and shipping address, phone number, username, and password.

Purchase data: Product name, price, quantity, order number, order date, payment method.

The purpose of data collection and processing during the operation of the online store and the website is to identify the buyer and ensure that the product is safely delivered to the end user, the buyer.

A description of data processing for each individual process is available in the following sections of this notice.

Information on the Use of Cookies

What is a cookie?

The data controller uses so-called cookies during your visit to the website. A cookie is a small file containing letters and numbers that our website sends to your browser to store certain settings, facilitate the use of our website, and help us collect relevant statistical information about our visitors. Some cookies do not contain personal information and are not capable of identifying an individual user, but some of them contain an individual identifier—a secret, randomly generated number—that is stored by your device to ensure your identifiability. The duration of each cookie is specified in the description of each cookie.

The legal basis for cookies:

The legal basis for data processing is your consent pursuant to Article 6(1)(a) of the Regulation.

 

The main characteristics of the cookies used by the website:

Session cookie: These cookies store the visitor’s location, browser language, and payment currency; their lifespan ends when the browser is closed or after a maximum of 2 hours.

Adult content cookie: These cookies record the fact that the user has consented to adult content and confirm that the user is over 18 years of age. They remain active until the browser is closed.

Referrer cookies: These cookies record which external site the visitor came from. They remain active until the browser is closed.

Recently Viewed Products Cookie: This cookie records the products the visitor has most recently viewed. It lasts for 60 days.

Last viewed category cookie: It records the last category viewed. Its lifespan is 60 days.

Recommended product cookies: Using the "Recommend to a friend" feature, it records the list of recommended products. Its lifespan is 60 days.

Mobile version, design cookie: It detects the visitor’s device and switches to full view on a mobile phone. Its lifespan is 365 days.

Cookie Acceptance Cookie: Upon arrival on the site, it accepts the cookie policy in the pop-up window. It lasts for 365 days.

Shopping Cart Cookie: It records the products added to the shopping cart. Its lifespan is 365 days.

Smart Offer Cookie: It records the conditions for displaying smart offers (e.g., whether the visitor has already been to the site, whether they have an order). Its lifespan is 30 days.

Logout #2 Cookie: In accordance with Option #2, the system logs the visitor out after 90 days. Its lifespan is 90 days.

Backend Identifier Cookie: The identifier of the backend server serving the site. It lasts until the browser is closed.

Google AdWords Cookie: When someone visits our site, the visitor’s cookie ID is added to our remarketing list. Google uses cookies such as NID and SID in Google products to personalize ads in Google Search. Such cookies are used, for example, to store your recent search queries, your previous interactions with individual advertisers’ ads or search results, and your visits to advertisers’ websites. The AdWords Conversion Tracking feature uses cookies. To track sales and other conversions from ads, it stores cookies on the user’s computer when that person clicks on an ad. Some common uses of cookies include: selecting ads based on what is relevant to the user, improving reports on campaign performance, and preventing the display of ads the user has already seen.

Google Analytics Cookie: Google Analytics is Google’s analytics tool that helps website and app owners gain a clearer picture of their visitors’ activities. The service may use cookies to collect information and generate reports on statistical data regarding website usage without identifying individual visitors to Google. The main cookie used by Google Analytics is the “ga” cookie. In addition to generating reports on statistical data regarding website usage, Google Analytics can also be used in conjunction with some of the advertising cookies described above to display more relevant ads in Google products (such as Google Search) and across the internet.

Remarketing cookies: These may be shown to former visitors or users when they browse other websites on the Google Display Network or search for terms related to your products or services.

Strictly Necessary Cookies: These cookies are essential for using the website and enable the use of the website’s basic functions. Without them, the site would not be able to provide many features to you. The lifespan of this type of cookie is strictly limited to the duration of the session.

Cookies to improve the user experience: These cookies collect information about how the user interacts with the website, such as which pages they visit most frequently or which error messages they receive from the website. These cookies do not collect information that identifies the visitor; that is, they work exclusively with general, anonymous information. The insights gained from this data are used to improve the website’s performance. The lifespan of this type of cookie is strictly limited to the duration of the session.

Facebook Pixel (Facebook Cookie): The Facebook Pixel is a code used to generate conversion reports, create target audiences, and provide the website owner with detailed analytical information about how visitors use the website. With the help of the Facebook Pixel, personalized offers and advertisements can be displayed to website visitors on the Facebook interface. You can review Facebook’s privacy policy here: https://www.facebook.com/privacy/explanation.

Cookie Settings: You can revoke your acceptance of cookie settings at any time by clicking the cookie icon in the lower-left corner of the screen (on mobile devices, the icon is located in the mobile menu).

If you do not accept the use of cookies, certain features will not be available to you. For more information on deleting cookies, please visit the following links:

Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11

Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer

Mozilla: https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito

Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data- sfri11471/mac

Chrome: https://support.google.com/chrome/answer/95647

Edge: https://support.microsoft.com/hu-hu/help/4027947/microsoft-edge-delete-cookies

Data Processing for the Purpose of Concluding and Fulfilling the Contract

Various data processing activities may take place for the purpose of entering into and fulfilling a contract. Please note that data processing related to complaint handling and warranty claims only occurs if you exercise one of the rights listed above.

If you do not make any purchases through the online store but are merely a visitor to the online store, the aspects mentioned under “Data processing for marketing purposes” may apply to you if you provide us with your consent for marketing purposes.

Detailed data processing procedures in the interest of concluding and fulfilling the contract:

Contact

For example, when you contact us via email, contact form, or phone with questions about a product.

Prior contact is not mandatory; you can place an order in the web shop at any time without it.

Data Processed

The data you provide when contacting us.

Duration of data processing

The data will only be processed until the contact is concluded.

Legal basis for data processing

Your voluntary consent, which you provide to the data controller by contacting us. [Regulation Article 6 (1) (a) on data processing].

Registration on the website

By storing the data provided during registration, the data controller can offer a more convenient service (e.g., the data subject does not have to re-enter their data for a subsequent purchase). Registration is not a prerequisite for entering into a contract.

Data Processed

As part of data processing, the data controller processes your name, address, phone number, email address, the characteristics of the purchased product, and the time of purchase.

Duration of data processing

Until you withdraw your consent.

Legal basis for data processing

Your voluntary consent, which you provide to the data controller by registering. [Regulation Article 6(1)(a) on data processing].

Logging in to the web shop without registration

Processed data

As part of data processing, the data controller processes your name, address, phone number, email address, the characteristics of the purchased product, and the time of purchase.

Duration of data processing

Until the expiration of the period for exercising the right of withdrawal for the purchase in the online store.

Legal basis for data processing

When making a purchase in the online store, signing the contract is a prerequisite. Without providing personal data, the purchase in the online store cannot be initiated.

Purpose of data processing

For purchases in the online store, it is necessary to register buyers, distinguish them from one another, and verify the existence of a contractual relationship.

Order processing

When processing orders, data processing activities are necessary to fulfill the contract.

Processed data

As part of data processing, the data controller processes your name, address, phone number, email address, the characteristics of the purchased product, the order number, and the time of purchase.

If you have placed an order in the online store, data processing and the provision of data are essential for the fulfillment of the contract.

Duration of data processing

The data is processed for 5 years in accordance with the civil statute of limitations.

Legal basis for data processing

Contract performance. [Regulation Article 6(1)(b) on data processing].

Invoicing

The data processing is carried out to issue a legally compliant invoice and to fulfill the obligation to retain accounting records. In accordance with legal provisions, businesses are required to retain accounting records that directly or indirectly support the financial statements.

Processed data

Name, address, email address, phone number.

Duration of data processing

Issued invoices must be retained for 8 years from the date of issuance in accordance with legal requirements.

Legal basis for data processing

The issuance of an invoice is required by law and must be retained for 8 years in accordance with accounting laws [Regulation Article 6(1)(c) on data processing].

Recipients of data processing related to invoicing, data processors

Name of the recipient: Billingo Technologies Zrt.

Recipient’s address: Budapest, Árbóc utca 6, 1133

Recipient’s email address: hello@bilingo.hu

Recipient’s website: www.bilingo.hu

Billingo Technologies Zrt. provides our company with the billing software based on our subscription. Billingo Technologies Zrt. processes the data in accordance with its privacy policy, which is available on its website.

Recipients and processors of data related to payments

Recipient’s name: PayPal Inc.

Recipient’s website: www.paypal.com

PayPal Inc. provides our company with the option of online payment based on our subscription. PayPal Inc. processes the data in accordance with its privacy policy, which is available on its website.

Recipient’s name: Stripe Inc.

Recipient’s website: www.stripe.com

Stripe Inc. provides our company with the option of online payment based on our subscription. Stripe Inc. processes the data in accordance with its privacy policy, which is available on its website.

Data processing in connection with the delivery of goods

Data processing is carried out for the purpose of delivering the ordered goods.

Processed data

Name, address, email address, phone number.

Duration of data processing

The data controller processes the data for the duration of the delivery of the ordered goods.

Legal basis for data processing

Performance of a contract [Article 6(1)(b) of the General Data Protection Regulation].

Recipients and processors of data related to the delivery of goods

Name of the recipient: iLogistic Kft. Fulfillment – Webshop Logistics

Recipient’s address: BiatorbĂĄgy, CTPark Budapest West, VerebĂ©ly LĂĄszlĂł u. 2, 2051

Recipient’s website: www.ilogistic.hu

The courier service participates in the delivery of the ordered goods on the basis of a contract with the data controller.

The courier service processes the personal data received in accordance with the privacy policy available on its website.

Return of the product in the event of exercising the right of withdrawal

Processed data

Name, address, phone number, and email address of the buyer.

Duration of data processing

Until the expiration of the period for exercising the right of withdrawal.

Legal basis for data processing

The service provider’s legal obligation.

Purpose of data processing

Fulfillment of the customer’s request (refund).

Handling other consumer complaints

The data processing takes place for the purpose of handling consumer complaints. If you have contacted us with a complaint, data processing and the provision of data are essential.

Data processed

Buyer’s name, phone number, email address, content of the complaint.

Duration of data processing

Warranty complaints are retained for 5 years in accordance with the provisions of the Consumer Protection Act.

Legal basis for data processing

It is your voluntary decision whether to contact us with a complaint, but if you do contact us, we are obligated to retain the complaint for 5 years in accordance with the provisions of the Consumer Protection Act [Regulation Article 6 (1) (c) on data processing].

Data Processed Regarding Proof of Consent

During registration, ordering, or newsletter subscription, the IT system stores the IT data associated with consent for the purpose of subsequent verifiability.

Processed data

Time of consent and IP address of the data subject.

Duration of data processing

Due to legal requirements, consent must be verifiable at a later date; therefore, the data is stored until the expiration of the statute of limitations following the termination of data processing.

Legal basis for data processing

This obligation arises from Article 7(1) of the Regulation. [Regulation Article 6(1)(c) on data processing].

Data processing for marketing purposes

Data processing in connection with the sending of newsletters

Processed data

Name, address, email address, phone number.

Duration of data processing

Until the data subject revokes consent.

Legal basis for data processing

Your voluntary consent, which you provide to the data controller by subscribing to the newsletter [Regulation Article 6(1)(a) on data processing].

Recipients and processors of data in connection with the distribution of newsletters

Recipient’s name: SalesAutopilot

Recipient’s address: Budapest, Zsolt u. 6-A, 5th Floor, Unit 1, 1016

Recipient’s website: www.salesautopilot.hu

SalesAutopilot provides our company with newsletter distribution services based on our company’s subscription. SalesAutopilot processes the personal data received in accordance with the privacy policy available on its website.

Data processing related to the sending and display of personalized advertising

Processed data

Name, address, email address, phone number.

Duration of data processing

Until consent is revoked.

Legal basis for data processing

Your voluntary, specific consent, which you provide to the data controller at the time of data collection [Regulation Article 6(1)(a) of the General Data Protection Regulation].

Remarketing

Data processing as a remarketing activity is carried out using cookies.

Processed data

Data processed by the cookies specified in the cookie notices.

Duration of data processing

The storage period of the respective cookie; further information can be found here:

General Google Cookie Policy: https://www.google.com/policies/technologies/types/

Google Analytics Information: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=de

Facebook Information:

https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

Legal basis for data processing

Your voluntary consent, which you provide to the data controller by using the website [Regulation Article 6(1)(a) on data processing].

Further data processing

Should the data controller wish to carry out further data processing, it will provide advance notice of the essential circumstances of the data processing (legal background and legal basis for data processing, purpose of data processing, scope of the data processed, duration of data processing).

We inform you that authorities may, based on a legal authorization, submit written requests for data, which the data controller is required to fulfill.

The data controller maintains a register of data transfers (which authority, which personal data, on what legal basis, and when the data was transferred by the data controller). Upon request, the data controller will provide information regarding the contents of the register, unless the law precludes such disclosure.

We inform you that no data transfer takes place during the activities. The data controller does not transfer data to third countries; no international data transfer occurs during the processes.

Principles of Data Processing

Healing Green Kft. declares that it processes personal data in accordance with the provisions of this Privacy Policy and in compliance with relevant legal regulations, with particular regard to the following points:

  • The processing of personal data must be lawful, fair, and transparent to the data subject (principles of lawfulness, fairness, and transparency).
  • The collection of personal data may only be carried out for specific, explicit, and legitimate purposes (purpose limitation).
  • The purpose of data processing must be appropriate and relevant and may only be carried out to the extent necessary (principle of data minimization).
  • Personal data must be accurate and up-to-date. Inaccurate personal data must be erased without delay (principle of accuracy).
  • Personal data must be stored in a manner that allows for the identification of data subjects only for as long as necessary. Longer storage of personal data may only take place if the storage is for purposes of public interest, scientific or historical research, or for statistical purposes (principle of storage limitation).
  • The processing of personal data must be carried out in such a way that the security of the personal data is ensured through appropriate technical or organizational measures, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage (principles of integrity and confidentiality).
  • The data protection principles must apply to all information relating to an identified or identifiable natural person.

Your Rights During Data Processing

During the duration of data processing, you have the following rights in accordance with the provisions of the Regulation:

  • the right to withdraw consent,
  • access to personal data and information regarding data processing,
  • the right to rectification,
  • restriction of data processing,
  • the right to erasure,
  • the right to object,
  • the right to data portability.

If you wish to exercise your rights, this requires your identification, and the data controller must necessarily communicate with you. Therefore, personal data is required for identification (however, identification can only be based on data that the data controller is already processing about you), and your complaints regarding data processing will be available in the data controller’s email inbox within the complaint period specified in this Privacy Policy. If you were our customer and wish to identify yourself for the handling of complaints or warranty matters, please also provide your order ID. This will allow us to identify you as a customer.

The data controller will respond to complaints regarding data processing within a maximum of 30 days.

Right to Withdraw Consent

You are entitled to withdraw your consent to data processing at any time; in this case, we will delete the specified data from our systems. Please note, however, that in the case of an order that has not yet been fulfilled, withdrawal of consent may result in our inability to deliver the order to you. Furthermore, if the purchase has already been made, we cannot delete the data associated with invoicing from our systems due to accounting regulations, and if you owe us a debt, we may process your data based on a legitimate interest even in the event of a withdrawal of consent.

Right of Access to Personal Data

You have the right to receive confirmation from the data controller as to whether your personal data is being processed, and if data processing is taking place, you have the right to:

  • Access to the personal data being processed and
  • Information from the data controller regarding:

o the purposes of the data processing;

o the categories of personal data processed about you;

o information about the recipients or categories of recipients to whom the personal data has been or will be disclosed by the data controller;

o the planned duration of the storage of the personal data or, if this is not possible, the criteria for determining this duration;

o your right to request from the data controller the rectification, erasure, or restriction of the processing of your personal data, and, in the case of data processing based on a legitimate interest, the right to object to such processing of your personal data;

o the right to lodge a complaint with the supervisory authority;

o if the data was not collected from you, all available information regarding its origin;

o the fact of automated decision-making (if such a process is used), including profiling, and, at least in these cases, information about the logic used and comprehensible information about the significance of this type of data processing and its expected impact on you.

The purpose of exercising this right may be to verify the lawfulness of the data processing; therefore, if information is requested multiple times, the data controller may charge a reasonable fee for providing the information.

The data controller ensures access to personal data by sending you the processed personal data and the relevant information via email after verifying your identity. If you are a registered user, we ensure access by allowing you to log in to your user account and view and review the personal data processed about you.

Please specify in your request whether you wish to access the personal data or request information regarding data processing.

Right to Rectification

You have the right to request that the data controller immediately rectify any inaccurate personal data concerning you.

Right to restriction of processing

You have the right to request that the data controller restrict processing if any of the following conditions are met:

  • You contest the accuracy of the personal data. In this case, the restriction applies for the period necessary to allow the data controller to verify the accuracy of the personal data. If the correct data can be determined immediately, there is no restriction.
  • The data processing is unlawful, but you object to the erasure of the data for any reason (for example, because the data is important to you for the enforcement of legal claims). Therefore, you do not request the erasure of the data, but instead request the restriction of its use.
  • The data controller no longer needs the personal data for the specified processing purpose, but you need it to assert, exercise, or defend legal claims, or
  • You have objected to the processing, but there may also be a legitimate interest on the part of the data controller in the processing. In this case, processing should be restricted until it has been determined whether the data controller’s legitimate grounds override your legitimate grounds.

If processing is restricted, this personal data may, with the exception of storage, only be processed with your consent or for the purpose of asserting, exercising, or defending legal claims, or to protect the rights of another natural or legal person, or for reasons of an important public interest of the Union or a Member State.

The data controller will inform you in advance of the lifting of the restriction on processing (at least three business days before the restriction is lifted).

Right to erasure – Right to be forgotten

You have the right to request that the data controller erase personal data concerning you without undue delay if one of the following grounds applies:

  • The personal data is no longer necessary for the purposes for which it was collected or otherwise processed by the data controller,
  • You withdraw your consent and there is no other legal basis for the processing,
  • You object to the processing based on a legitimate interest and there are no overriding legitimate grounds (i.e., legitimate interest) for the processing,
  • The data controller has unlawfully processed the personal data and this has been established following a complaint,
  • the personal data must be erased to comply with a legal obligation under Union or Member State law to which the controller is subject.

If the data controller has made your personal data public for any lawful reason and is required to erase it for any of the reasons listed above, the data controller is required to take reasonable steps, taking into account available technology and the cost of implementation, —including technical measures—to inform other controllers processing the data that you have requested the deletion of all links to that personal data or copies or replicas of that personal data.

Erasure does not apply if the processing is necessary:

  • for the exercise of the right to freedom of expression and information,
  • to comply with a legal obligation that requires the processing of personal data and that is based on Union law or the law of the Member States to which the data controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller,
  • for the establishment, exercise, or defense of legal claims (e.g., if the data controller has a claim against you that has not yet been settled, or if a complaint regarding consumer or data protection violations is pending).

Right to Object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on a legitimate interest. In this case, the data controller may no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or that are related to the establishment, exercise, or defense of legal claims.

If the processing of personal data is carried out for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising, including profiling, insofar as it is related to such direct marketing. If you object to the processing of your personal data for the purposes of direct marketing, the personal data may no longer be processed for these purposes.

Right to Data Portability

If the data processing is automated, or if the data processing is based on your voluntary consent, you have the right to request from the data controller that you receive the data you have provided to the data controller in XML, JSON, or CSV format, and, where technically feasible, you may request that the data controller transmit the data in this format to another data controller.

Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you. In such cases, the data controller is required to take appropriate measures to protect your rights, freedoms, and legitimate interests, including at least the right to request human intervention from the data controller, to express your opinion, and to object to the decision.

The above provisions do not apply if the decision:

  • is necessary for the conclusion or performance of a contract between you and the data controller,
  • can be made on the basis of Union law or the law of the Member States applicable to the data controller, which provides for appropriate measures to protect your rights, freedoms, and legitimate interests, or
  • is based on your explicit consent.

 

Data Security Measures

When processing and storing personal data, the data controller and the data processor shall act with the utmost care. In the area of information security, the data controller and the data processor shall apply the most efficient and modern methods and procedures available. The data controller is obligated to plan and carry out data processing operations in such a way as to ensure the protection of the data subjects’ privacy in accordance with the law and other provisions governing data processing.

The data controller and the data processor are obligated to ensure the security of the data and to take all technical and organizational measures and establish procedural rules necessary to comply with the law and other data protection and confidentiality regulations.

In particular, the data must be protected against unauthorized:

  • access,
  • modification,
  • disclosure,
  • publication,
  • deletion or destruction, as well as
  • accidental destruction and damage, and
  • inaccessibility resulting from changes in the technology used.

To ensure the security of data sets processed electronically in various registers, a suitable technical solution must be implemented to ensure that the data stored in the registers—unless permitted by law—cannot be directly linked to one another or attributed to the data subjects.

In the automated processing of personal data, the data controller and the data processor shall ensure, through additional measures:

  • the prevention of unauthorized data entry,
  • the prevention of the use of automated data processing systems by unauthorized persons via data transmission devices,
  • the ability to verify and determine to which institutions personal data has been or may be transferred through the use of data transmission devices,
  • the ability to verify and determine which personal data was entered into the automated data processing systems, when, and by whom,
  • the ability to restore the installed systems in the event of a failure, and
  • the generation of a report on errors that occur during automated processing.

Data protection and data processing officers must take into account the current state of the art when determining and applying security measures for data. If there are multiple possible data processing solutions, the one that offers a higher level of protection for personal data should be selected, unless this would pose a disproportionate burden on the data controller.

The data controller and the data processor shall select and operate the IT equipment used for the processing of personal data during the provision of the service in such a way that the processed data:

  • are accessible to authorized persons (availability),
  • their authenticity and verification are ensured (authenticity of data processing),
  • their immutability can be verified (data integrity),
  • is protected against unauthorized access (data confidentiality).

The data controller and the data processor shall ensure data security through technical, organizational, and institutional measures, providing a level of protection commensurate with the risks associated with the data processing.

Electronic messages transmitted over the Internet, regardless of the protocol (email, web, FTP, etc.), are vulnerable to network threats that can lead to unfair activities or the disclosure or alteration of information. To ward off such threats, the data controller and the data processor take all appropriate protective measures. The systems are monitored to record all security deviations and to provide evidence in the event of any security incident. However, it is common knowledge—and thus also known to the data subjects—that the Internet is not 100% secure. The data controller and the data processor shall not be liable for any damages caused by unavoidable attacks, despite exercising the greatest possible care. The IT systems and networks of the data controller and the data processor are equally protected against computer-assisted fraud, espionage, sabotage, vandalism, fire, and flooding, as well as against computer viruses, computer hacks, and attacks leading to denial of service. The data controller and the data processor ensure security through server-side and application-specific protection measures.

Remedies

If you believe that the data controller has violated a legal provision regarding data processing or has not complied with your request, you may initiate proceedings with the European Data Protection Supervisor to halt the allegedly unlawful data processing. You can find more detailed information about the European Data Protection Supervisor’s procedures here: EDPS Homepage | European Data Protection Supervisor (europa.eu).

We also inform you that, in the event of a violation of the legal provisions regarding data processing or if the data controller has not complied with your request, you may file a lawsuit against the data controller in court.

Changes to the Privacy Policy

The data controller reserves the right to amend this privacy policy without affecting the purpose and legal basis of data processing. By using the website after the amendment takes effect, you accept the amended privacy policy.

Should the data controller intend to further process the collected data for a purpose other than the original purpose of collection, it will inform you prior to such further processing regarding the purpose of the data processing and the following information:

  • the duration of the storage of your personal data or, if this is not possible, the criteria for determining this duration,
  • your right to request from the data controller access to your personal data, its rectification, erasure, or restriction of processing, and, in the case of data processing based on legitimate interests, to object to the processing of your personal data, as well as, in the case of data processing based on your consent or a contract, to exercise your right to data portability,
  • in the case of data processing based on your consent, that you may withdraw your consent at any time,
  • about your right to lodge a complaint with the supervisory authority,
  • whether the provision of your personal data is based on a legal or contractual obligation or is a prerequisite for entering into a contract, and whether you are required to provide your personal data, as well as the possible consequences if you do not provide the data,
  • about the fact of automated decision-making (if such a process is used), including profiling, and, at least in these cases, about the logic applied and understandable information regarding the significance and expected consequences of this type of data processing for you.

Data processing may only begin after you have given your consent if the legal basis for the data processing is your consent, and in addition to receiving this information, you must consent to the data processing.

In preparing this information, we have taken into account the following legal provisions:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

KOSTENLOSES E-BOOK

Gesund, energiegeladen, ausgeglichen leben – die Algen erreichen dies mit diesen 3 Phasen.

In diesem kostenlosen Material zeigen wir Ihnen, warum und wie Algen unsere Gesundheit wesentlich effizienter erhalten können und wie sie unseren Körper auf unglaubliche Weise energisieren können.

Nach Eingabe Ihrer E-Mail-Adresse senden wir es sofort zu.
E-mail cím nem megfelelƑ
KĂ©rjĂŒk, ezt a mezƑt is legyen szĂ­ves kitölteni!
KĂ©rjĂŒk, ezt a mezƑt is legyen szĂ­ves kitölteni!
KĂ©rjĂŒk, ezt a mezƑt is legyen szĂ­ves kitölteni!