Personal Data Protection
Contact details of personal data controller:
Dr. Varga Miklós sole proprietor
9099 Pér, Fehérvári Str. 90.
HUNGARY
E-mail: hello@best2pets.de
(“Controller”)
Processing of personal data is performed in compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or GDPR) an the Act no. 18/2018 on protection of personal data and on changes and supplements of some other acts as amended (“Act“).
- Definitions
Data Subject: Every natural person whose personal data is processed by the Controller (“Data Subject”);
Personal Data: data provided by the by the Data Subject for the purposes defined by the Controller;
Controller: Legal entity identified in the header of this text which specifies the purpose and means of processing of Personal Data of the Data Subject, performs the processing, and is responsible for due and lawful data processing;
Processor: a subject that is mandated by the Controller based on a contractual relationship to process Personal Data of the Data Subject provided by the Controller based on an agreement on safe processing of Personal Data;
Website: Web pages of the Controller, through which the Data Subject enters data into electronic forms or performs registration (opening of an account) at the respective Websites of the Controller.
Purpose of Processing of Personal Data: the reason why Personal Data of the Data Subject is processed. The Purpose of Processing Personal Data is outlined and defined in item 4 below;
Cookies: short text files stored by the web browser or mobile browser of the Data Subject. Most of the cookies contain a unique identifier or a so-called cookie file ID. It represents a chain of characters assigned by the websites and servers to the specific browser that stored the cookie file. This enables the websites and servers to distinguish and identify the respective browsers. Cookie files are used to improve the operation of websites, evaluation of their traffic and to better target marketing activity. Where the Data Subject browses through the Controller’s Website he/she is deemed to have provided consent to usage of these files.
- Defined categories of Personal Data
Following up on the respective legal title and the purposes of processing, the Controller and the Processor process the following Personal Data or possibly categories of Personal Data:
a) Identification and address data: e.g. company name, registered address, Tax ID no., VAT no., Company ID no., academic title, name, surname or another contact address, the name of the e-shop;
b) Electronic contact details: e.g. phone number, e-mail address;
c) Other electronic data: IP address, cookies, URL address;
d) Other Personal Data linked to the contractual relationship: bank account number including the IBAN/SWIFT format
e) Other Personal Data: typically data provided by the customer in an order form or other documents and in communication with the provider including later updates
The obligation or possibility to enter the respective above Personal Data may differ depending on the respective Website of the Controller.
- The origin of Personal Data
The Controller processes data that the Data Subject provides e.g. upon registration of the user account, communication with the Controller by way of electronic forms upon concluding of the Agreement on intermediation or upon registration for subscription of a newsletter. This data most often includes:
- Identification data and address;
- Electronic contact details;
- Other Personal Data connected to the contractual relationship.
Other data that the Controller obtains automatically based on browsing of the Website. This data most often includes:
- Other electronic data:
- Cookies
- The website from which you have arrived to our Website
- IP address
- Date of access and duration of the visit
- Search inquiries
- Code of http and https responses
- Transferred datasets
- Information about the browser and operating system of the computer.
- Why is Personal Data processed (the purpose of processing)?
Personal Data Of the Data Subject is processed for the following purposes:
- Concluding and execution of a contractual relationship that also includes the following:
- Administration of the customer account (account registration)
- Communication with the Data Subject
- Communication with customers, satisfaction scoring, publishing of reviews, handling requests, complaints, and claims
- Accounting and data purposes
Data Subject provides truthful and correct Personal Data voluntarily and the Data Subject simultaneously declares that he/she is aware of the consequences of providing intentionally incorrect data, in particular of the fact that such action could qualify as criminal offence.
- Marketing and advertising activity that also includes the following:
- Sending of information newsletters and offer of our products or services.
- Direct marketing and creation of personalised content and advertising.
- Improving the quality of our products and services, analysis of Website traffic and Data Subject’s behaviour on the Website.
The Controller processes Personal Data of Data Subjects for the purpose of discount programs, newsletter subscription, which is regarded as direct marketing as well as for the purpose of public opinion polls solely after provision of a clear and voluntary consent by the Data Subject pursuant to Section 13 (1) item a) of the Act and pursuant to Section 6 of GDPR. Data Subject will demonstrate his/her consent or disagreement with processing of Personal Data by ticking the corresponding box on the Website and/or upon their registration or by exercising another suitable method. In cases where the Data Subject fails to tick the box for his/her consent, the Controller shall not be entitled to process Personal Data for the purposes of marketing and public opinion polling. The Data Subject has to right to withdraw his/her consent to processing of their Personal Data for marketing or public opinion polling purposes while the Controller must immediately ensure that their Personal Data ceases to be processed for the above purposes and is erased from the information systems for marketing and public opinion polling with respect to the right of the Data Subject to be forgotten. The legal basis for processing of Personal Data is the indication of consent.
- For how long is Personal Data processed?
Personal Data of the Data Subject is processed for an indefinite period.
- To whom is Personal Data made accessible?
Access to Personal Data of the Data Subject can be provided to the following processors or recipients:
- Providers of accounting and tax consultancy.
- Providers of IT services and hosting.
- Providers of security and integrity of our services and Websites.
- Providers of analytical services.
- Providers of assistance services for customer support.
- Providers of legal counsel, lawyers.
- Public authorities.
When selecting the Processor, the Controller shall ensure the Processor has professional, technical;, organisational and personal capability and the ability to ensure security of the processed Personal Data and to ensure protection of the rights of the Data Subjects.
- Is Personal Data provided to entities outside the EU?
In case of need, the Controller shall provide Personal Data within the members states of the European Union, since transfer of Personal Data into the member states of the European Union is fully guaranteed by the Act and GDPR without any limitations. The Controller shall not transfer Personal Data of Data Subjects outside the EU territory and European Economic Area.
- How is the Personal Data processed?
Personal Data is processed manually as well as automatically. The Controller keeps adequate records on all the activities of data processing pursuant to the Act.
The Controller declares that all the Personal Data provided by the Data Subject is not subject to any decision based exclusively on automated processing, including profiling. The Controller simultaneously indicates that it does not create Personal Data profiles with the purpose of analysis or prediction of preferences by the Data Subject, his/her interests, economic situation, reliability, his/her locations or his/her movement (a typical example of profiling is monitoring of website visitors’ behaviour in order to detect their preferences so that the retailer can approach them in the future with a customised offer).
- What are the basic rights of the Data Subject?
1. The right to access Personal Data:
Data Subject shall have the right to be informed before the processing of Personal Data as well as anytime during the processing of his/her Personal Data about the fact whether or not his/her Personal Data is processed and if it is, the extent and the category of processed Personal Data, the purpose of the processing, identification of the recipient, the duration of processing as well as other rights such as those identified below (the right for erasure and destruction, the right to rectification).
Data Subject shall have the right to request confirmation of the above facts. The first confirmation is not subject to any payment and will be provided to the Data Subject using the requested method and form. Any other following confirmation shall be subject to a €5 fee. Such confirmation shall only be provided by the Controller unless the above action results in an unfavourable impact on the rights of other natural persons.
2. The right to information of the Data Subject if the Personal Data was not obtained from the Data Subject:
Data Subject shall have the right to be informed before the processing of Personal Data by the Controller in cases where this Personal Data was not obtained directly from the Data Subject about the entity of the Controller, the extent and categories of his/her Personal Data, the purpose of its processing, identification of the recipient, identification of the source, from which the Controller obtained Personal Data of the Data Subject, the period of its keeping as well as other rights such as those specified below (the right to erasure and destruction, the right to rectification).
The information shall be not be provided later than 1 month after obtaining of the Personal Data or upon the first communication with the Data Subject, where the Personal Data is to be used in the communication with the Data Subject.
In cases where the Controller intends to use Personal Data for a different purpose than the one for which the Personal Data was obtained, it is obliged to provide the Data Subject with information about this intention and to request his/her consent to this new purpose of processing of his/her Personal Data.
- The right to rectification:
The Controller shall correct without any unnecessary delay any incorrect Personal Data of the Data Subject, or possibly supplement incomplete Personal Data. The Data Subject shall equally have the right to update or to request rectification of his/her Personal Data kept by the Controller in online mode on the Controller’s Website after logging in to his/her the account.
- The right to erasure:
Data Subject shall have the right to have his/her Personal Data erased by the Controller without unnecessary delay. The Controller is obliged to comply provided that
- The Personal Data is not needed for the purpose for which it was obtained or processed
- Data Subject withdraws consent provided to the Controller
- Data Subject objects to the processing and no justified reasons prevail for processing of Personal Data
- Personal Data is processed unlawfully.
The above does not apply where the processing of Personal Data is necessary for exercising of a legal claim of the Controller.
- The right to restriction of processing:
Data Subject shall have the right to obtain that the Controller restrict processing of Personal Data, where
- The accuracy of the Personal Data is contested by the Data Subject, for a period enabling the controller to verify the accuracy of the personal Data Subject,
- The processing of Personal Data is unlawful and the Data Subject object to the erasure of Personal Data and instead requests restriction of its usage,
- The Controller does not need Personal Data for the purpose of processing of Personal Data, but the Data Subject needs it to exercise a legal claim, or
- Data Subject objects to processing of Personal Data, pending the verification whether the legitimate grounds of the Controller override those of the Data Subject
Where processing has been restricted except for storage, Personal Data Controller may process Personal Data only with consent of the Data Subject or to exercise a legal claim. The Controller is obliged to inform the Data Subject on termination of restriction of processing of Personal Data.
- The right to object to processing:
Data Subject shall have the right to object on grounds relating to his or her particular situation at any time to processing of his/her Personal Data, where the Data Subject is uncertain concerning the lawfulness of processing pursuant to the provisions of Section 13 (1) item f) (concerning the legitimate interests of the Controller) including profiling based on the above provision. The Controller must not continue on processing of Personal Data unless it demonstrates essential legitimate interests in processing of Personal Data that prevail over the rights or interest of the Data Subject, or reasons to assert a legal claim.
The Data Subject shall have the right to object to processing of Personal Data concerning him/her for the purpose of direct marketing including profiling in the extent the processing is related to direct marketing. Where the Data Subject objects to processing of Personal Data for the purpose of direct marketing, the Controller must not continue processing of Personal Data for the purpose of direct marketing.
- The right of the Data Subject to file a proposal to initiate proceeding pursuant to Section 100 of the Act no. 18/2018 on protection of personal data
Data Subject shall have the right to file a proposal to initiate proceedings on verification whether his/her Personal Data is processed lawfully and safely. The proceeding shall be initiated based on the proposal by the Data Subject or any entity claiming that his/her/its rights have been affected.
The Controller shall notify the Data Subject on his/her rights upon their first mutual contact and should his/her Personal Data be obtained from a third party, the Controller shall immediately notify this fact to the Data Subject and request his/her consent and informs him/her about the corresponding rights.
In case the Controller processes Personal Data of the Data Subject based on provided consent, the Data Subject shall have the right to withdraw this consent at any time.
Data Subject shall have the right to lodge a complaint with the supervisory authority that is the Office for Personal Data Protection
Nemzeti Adatvédelmi és Információszabadság Hatóság,
1125 Budapest, Szilágyi Erzsébet fasor 22/C., Levelezési cím: 1530 Budapest, Pf.: 5.,
Telefon: 06.1.391.1400,
Fax: 06.1.391.1410,
E-mail: ugyfelszolgalat@naih.hu
Honlap: http://www.naih.hu
- How are cookie files processed?
Processing of cookies can be divided based on duration of their validity:
- Session cookies that remain stored in the browser of the Data Subject only until the Data Subject closes the browser,
- Persistent cookies that remain stored for a long term in the browser of the Data Subject until their life cycle ends or until the Data Subject removes them manually (the duration of storing the cookies in the browser of the Data Subject depends in the setting of the individual cookies and setting of the browser).
Depending on their function:
- Essential cookies that are necessary to ensure functionality of the Website,
- Preferential cookies enabling the Website to remember the information that record the look or action taken by the Website (e.g. preferred language or region where the Data Subject is located); these cookies are not essential for operation of the Website but improve its functionality and convenience of its usage,
- Analytical cookies that help the Controller to analyse preferences and behaviour of the Data Subject on the Website (i.e. User Experience) that enable the Controller to analyse how the Data Subject uses the Website.
The Controller does not use third-party cookies which enable monitoring of several websites.
- Conclusion
Legal regulations as well as our business strategy and the related methods of processing of Personal Data of the Data Subject may be subject to change. Where the Controller decides to update these, it shall publish the changes and updates on the Website/s and shall inform the Data Subject on these updates in a suitable manner. The Controller hereby declares that pursuant to the Act and GDPR, it processes and shall continue to process the Personal Data of Data Subjects pursuant to good manners and shall act so that not to contradict or circumvent the Act nor other generally binding statutory regulations.