PRIVACY POLICY (Data management)
EXTREME SILVER KFT. (hereinafter: Service Provider) manages the data of visitors to the Webshop, placing orders and registering on the Webshop (hereinafter collectively: Data Subject) during the operation of the www.balcano.eu Webshop (hereinafter: Webshop).
In connection with the processing of data, the Service Provider hereby informs the Data Subjects about the personal data managed by it on the Webshop, its principles and practices followed in the field of personal data processing, as well as the manner and possibilities of using the rights of the Data Subjects.
Data Subject by using the Webshop, sending his / her order and, if applicable, registering, the Data Subject accepts the contents of the Privacy Policy Information and consents to the data processing specified below.
Definitions
- Data Subject: any natural person identified or identifiable, directly or indirectly, on the basis of personal data;
- Personal data: data relating to the Data Subject, in particular the name, identification mark and knowledge of one or more physical, physiological, mental, economic, cultural or social identities of the data subject, and a conclusion to be drawn from the data concerning the data subject;
- Consent: a voluntary and firm declaration of the Data Subject's intention, based on adequate information and giving his or her unambiguous consent to the processing of personal data concerning him or her, in full or in part;
- Protest: the Data Subject objecting to the processing of his personal data and requesting the termination of the data processing or the deletion of the processed data;
- Data manager: a natural or legal person or an organization without legal personality who, alone or together with others, determines the purpose of the processing, makes and implements decisions on data processing (including the means used) or implements it with a data processor entrusted by him;
- Data management: any operation or set of operations on data, regardless of the procedure used, in particular the collection, recording, recording, systematisation, storage, alteration, use, consultation, transmission, disclosure, coordination or interconnection, blocking, erasure and destruction of data, and prevent its further use, take photographs, sound or images, and record physical identifiers (e.g. fingerprints or palm prints, DNA samples, irises);
- Data processing: performing technical tasks related to data management operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;
- Data processor: a natural or legal person or an organization without legal personality who processes data, on the basis of a contract concluded with the data controller, including the conclusion of a contract on the basis of a provision of law;
- Data transmission: making the data available to a specific third party;
- Disclosure: making the data available to anyone;
- Data deletion: making the data unrecognizable in such a way that it is no longer possible to recover it;
- Data lock: identification of the data in order to limit its further processing definitively or for a specified period;
- Data destruction: complete physical destruction of media containing the data;
- Third party: a natural or legal person or an organization without legal personality who is not the same as the data subject, the controller or the processor.
Purpose of data management
The Service Provider stores and handles the data provided by the Data Subject for a specific purpose, solely for the purpose of fulfilling the order, enabling invoicing, delivering the products to your home, later proving the terms of the concluded contract and sending a newsletter.
The purpose of the automatically recorded data is the production of statistics and the technical development of the IT system.
The Service Provider does not or may not use the personal data provided for purposes other than those specified above. The disclosure of personal data to third parties or authorities is possible, unless otherwise required by law, with the prior express consent of the Data Subject.
In all cases where the Service Provider wishes to use the provided data for a purpose other than the purpose of the original data collection, he shall inform the Data Subject thereof and obtain his / her prior, express consent, or provide him / her with an opportunity to prohibit the use.
Legal basis for data management
The data processing is carried out on the basis of a voluntary statement of the users of the Webshop, based on appropriate information, which statement contains the data subject's express consent to the use of their personal data provided during the use of the Webshop.
Act CXII of 2011 on the right of information self-determination and freedom of information for data processing by the Service Provider pursuant to Section 5 (1) (a) of Act CVIII of 2001 on the Voluntary Consent of the Data Subject and on Certain Issues of Electronic Commerce Services and Information Society Services by law.
The Service Provider does not check the authenticity of personal data provided to him. The Data Subject. is solely responsible for the adequacy of the data provided. When providing the email address of any Data Subject., it is also responsible for ensuring that only the Data Subject. uses the service from the provided email address. In view of this liability, all liability in connection with access to a given email address shall be borne solely by the Customer who has registered the email address.
Name of the Service Provider as data controller
| Company name: | EXTREME SILVER KFT. |
| Head Office: | Szent Istvan u. 12., 5700 Gyula, Hungary |
| EU TAX ID: | HU13422431 |
| Company registration number: | 04-09-006569 |
| Court of Registration: | Bekes County Court as Court of Registration |
| Email address: | info@balcano.eu |
| Data management registration number: | NAIH-77353/2014. |
Duration of data management
The processing of personal data that is mandatory during registration starts with the registration and lasts until it is deleted upon request. In the case of non-mandatory data, the data will be processed until the order is fulfilled. The registration can be canceled at any time after the cancellation request has been sent, as set out in the GTC 2.1. In this case, the deadline for deleting the data is 5 working days after receipt of the request.
In the case of a newsletter, the Service Provider handles the data provided during the subscription of the Affected Newsletter until the Subscriber unsubscribes from the newsletter by clicking the "Unsubscribe" button at the bottom of the newsletter or requests to be removed from the newsletter list by email or mail. In case of unsubscription, the Service Provider deletes the data of the Data Subject from its system within 5 working days after the receipt of the request.
Logged data is stored for 6 months from the date of logging, except for the date of the last visit, which is automatically overwritten.
The above provisions do not affect the fulfillment of retention obligations specified in legislation (e.g. accounting legislation) and the processing of data on the basis of additional consents given during registration on the Webshop or in any other way.
The scope of personal data processed
Registration information
In order to use the services on the Webshop, and in particular to order on the Webshop, the Stakeholders must fill in a registration form, during which they must provide the following information in order to fulfill the order by the Service Provider.:
- Surname,
- First name,
- Email address.
Additional information is required to submit the order:
- ZIP code,
- City,
- Street address,
- House number,
- Country,
- Telephone number.
Technical data
The data of the Data Subject's login computer, which are generated during the use of the service and which are recorded by the Service Provider's system as an automatic result of the technical processes. These include, in particular, the date and time of the visit, the IP address of the data subject's computer, the type of browser, the address of the previously visited Webshop.
The automatically recorded data is automatically logged upon entry or exit without any separate statement or action by the Data Subject. This data may not be linked to other personal user data, except in cases required by law. Only the Service Provider has access to the data.
The Service Provider's system may collect data on the activity of the Stakeholders, which cannot be combined with other data provided by the Advertiser upon registration or contacting the User with the Advertiser, or with data generated during the use of other Webshops or services.
The html code of the Webshop may contain links from and to an external server independent of the Service Provider. The providers of these links are able to collect user data due to the direct connection to their server.
External servers help to independently measure and audit the Webshop traffic and other web analytics data (Google Analytics). Data controllers can provide detailed information on the handling of measurement data to the Data Subject.
Their contact details: www.google.com/analytics/
Cookies
In order to provide customized service, the Service Provider and the designated external service providers may send and place a small data package, the so-called cookie and read back. If the browser returns a previously saved cookie, the cookie provider has the option to link the data saved during the current visits of the Data Subject to the previous ones, but only for its own content.
The Service Provider uses the following cookie:
- Temporary (session) cookie: session cookies are automatically deleted after the Data Subject's visit. These cookies are used to make the Service Provider's Website more efficient and secure, so they are essential for certain functions of the Website or certain applications to work properly.
- Persistent cookie: the Service Provider also uses a persistent cookie for a better user experience (e.g. providing optimized navigation). These cookies are stored for a longer period of time in the Data Subject’s browser's cookie file. The duration of this depends on the setting that the Data Subject uses in his / her Internet browser. With the help of such cookies, the Service Provider collects data anonymously for marketing and optimization purposes. The Service Provider does not use the data to personally identify the Data Subject. Of course, the Data Subject may block the use of the data at any time at any of the contact details of the Service Provider indicated above.
If the Data Subject does not want Google Analytics to measure the above data in the manner and for the purpose described, he / she shall install the blocking add-on in his / her browser.
The Webshop uses Google Adwords remarketing tracking codes. This is so that Visitors to the Webshop can later be accessed by remarketing ads on Google Display Network websites. The remarketing code uses cookies to tag visitors. Webshop Users may disable these cookies by visiting the Google Ads Preferences Manager and following the instructions there. After that, personalized offers from the Service Provider will not appear for them.
The "Help" function in the menu bar of most browsers provides information on
- how to disable cookies,
- how to accept new cookies,
- how to instruct your browser to set a new cookie, or
- how to turn off other cookies.
The range of persons who get to know the data, data transmission, data processing
The data are primarily available to the Service Provider and the Service Provider's internal employees, however, they are not published or passed on to third party (ies).
The Service Provider may use a data processor (eg: system operator, transport company, accountant) to fulfill the orders and settle the settlement. Service Provider is not responsible for the data management practices of such external contributors.
Name of data processors:
| Name: | UPS Magyarország Kft. |
| Head Office: | Lőrinci street 154. Airport City Logistic Park, Building G 2220 Vecsés, Hungary |
| Mailing address: | Lőrinci street 154. Airport City Logistic Park, Building G 2220 Vecsés, Hungary |
| Email address: | upshungary@ups.com |
Hosting provider information:
| Name: | Melius-Group Kft. |
| Head Office: | Orczy ut 40. 1/20. 1089 Budapest, Hungary |
| Mailing address: | Orczy ut 40. 1/20. 1089 Budapest, Hungary |
| Email address: | info@melius-group.hu |
Online billing program provider (szamlazz.hu):
| Name: | KBOSS.hu Kft. |
| Head Office: | Zahony utca 7. 1031 Budapest, Hungary |
| Mailing address: | Zahony utca 7. 1031 Budapest, Hungary |
| Email address: | dpo@kboss.hu |
Bookkeeping:
| Name: | SERES Konyvelo és Palyazati Tanacsado Kft. |
| Head Office: | Bajza u. 1. 5600 Békéscsaba, Hungary |
| Mailing address: | Bajza u. 1. 5600 Békéscsaba, Hungary |
| Email address: | konyveles@serespalyazat.hu |
In addition to the above, the transfer of personal data concerning the Data Subject may only take place in cases specified by law or with the consent of the Data Subject.
Rights and enforcement of the data subject
Right to information
The Data Subject is entitled to request information about the personal data managed by the Service Provider at any time, and may change them at any time on the Website in his / her own account.
At the request of the Data Subject, the Service Provider shall provide information of the data processed by him, the purpose, legal basis, duration of the data processing, as well as on who and for what purpose receive or have received their data. The Service Provider shall provide the requested information in writing within 30 days of the submission of the request.
The Data Subject may contact the Service Provider's employee with any questions or remarks related to data management via the contact details indicated below.
The data subject may request the deletion, correction or blocking of his / her data
The Data Subject has the right at any time to request the correction or deletion of incorrectly recorded data at one of the contact details indicated below. The Service Provider deletes the data within 5 working days from the receipt of the request, in which case they will not be recoverable. The deletion does not apply to the data processing required by law (e.g. accounting regulations), the Service Provider will keep them for the required period of time.
Further, the Data Subject may request the blocking of his / her data. The Service Provider shall block the personal data if the data subject so requests or if, on the basis of the information available to him / her, it can be assumed that the deletion would harm the legitimate interests of the Data Subject. Personal data blocked in this way may only be processed for as long as the purpose of the data processing, which precluded the deletion of personal data, exists.
The data subject shall be notified of the rectification, blocking and erasure, as well as to all persons to whom the data have previously been transmitted for data processing purposes. The notification may be omitted if it does not infringe the legitimate interest of the Data Subject with regard to the purpose of data management.
If the data controller does not comply with the request for rectification, blocking or erasure concerned, he shall state in writing the reasons in fact and in law for refusing the request for rectification, blocking or erasure within 30 days of receipt of the request.
The Data Subject may protest to the processing of his / her personal data
The Data Subject may protest to the processing of his or her personal data. The Service Provider shall examine the protest within the shortest time from the submission of the application, but not later than within 15 days, make a decision on the merits of the application and inform the applicant of its decision in writing.
The Data Subject may use his / her rights at the contact details indicated in point 1.
The Data Subject based on the Civil Code (Act V of 2013)
- He / she can apply to the National Data Protection and Freedom of Information Authority (Szilagyi Erzsebet fasor 22/c. 1125 Budapest, Hungary.; http://www.naih.hu), or
- Assert his / her rights before the Court.
If Data Subject provided third party data during the registration for the use of the Affected Service or caused damage in any way during the use of the Webshop, the Service Provider is entitled to enforce compensation against the Affected. In such a case, the Service Provider shall provide all possible assistance to the acting authorities in order to establish the identity of the infringing person.
Use of email addresses
The Service Provider pays special attention to the legality of the use of the email addresses managed by it, so it is used only in the manner specified below (for information or advertising) to send emails.
The management of email addresses primarily serves the identification of the Data Subject, the keeping of orders during the fulfillment of orders and the use of services, so emails are sent primarily for this purpose.
Newsletter
Service Provider allows the Data Subject to subscribe to the newsletter. The Data Subject has the opportunity to do this together with the registration. As the purchase is not subject to registration, the registration is specifically aimed at consenting to the sending of the newsletter and the loyalty discount accompanying the registration. The newsletter has direct marketing elements and contains advertising. The Service Provider handles the data provided by the Data Subject during the use of the newsletter.
The Data Subject may unsubscribe from sending newsletters by terminating (deleting) his personal registration at any time and without restriction or justification. He / she can do this by email, email or by clicking on the "Unsubscribe" link at the bottom of the newsletters. In this case, the Service Provider deletes all personal data - necessary for sending the newsletters - from his register and does not contact the Data Subject with his further newsletters or offers. The Service Provider sends letters containing an advertisement or an advertisement (newsletter) to the email addresses provided during registration only with the express consent of the Data Subject, in cases and in a manner that complies with legal requirements.
Data security
The Service Provider undertakes to ensure the security of the data, as well as to take the technical measures that ensure that the recorded, stored and managed data are protected, and to do everything possible to prevent their destruction, unauthorized use and unauthorized alteration. It also undertakes to call on any third party to whom the data may be transmitted or transferred to fulfill its obligations in this regard.
Other provisions
The Service Provider reserves the right to unilaterally modify this Data Management Information with the prior notice of the Data Subject via the Webshop. After the entry into force of the modification, the Data Subject accepts the contents of the modified Data Management Information by implicitly using the Webshop.
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of 27 April 2016 can be viewed here.