Privacy notice
The purpose of the data management information
The purpose of this data management information sheet is for DRA-CONS Kft., as data controller (hereinafter referred to as "Data Controller"), to describe the data protection rules, procedures and protection measures applied and operating in the Data Controller's organization for data considered personal data. In this document, the Data Controller also informs its customers, partners, and all natural and legal persons who have any legally interpretable relationship with the Data Controller and who are affected by its handling of personal data, about the rules for handling the personal data it handles, about the protection measures and procedures applied, and about the method of data management.
The Data Controller considers the rules, provisions and obligations described in this Data Management Information Sheet to be legally binding on itself and applies them during its operation, and declares that the data protection rules and procedures described and applied in this document comply with the applicable national and European Union data protection legislation. The Data Controller also declares that it considers the right to informational self-determination important, especially with regard to personal data, and will take all available organizational, operational, regulatory and technological measures within its scope in order to observe and enforce these rights.
This data management information sheet governs the data management of the following pages: www.greenx.hu
The version of the Data Management Information Sheet that is in effect at all times is available on the website's access pages. The Data Controller may change the Data Management Information at any time, while remaining obliged to publish the change and inform the Data Subjects. Amendments to the information sheet take effect upon publication at the above address.
Data of the Data Controller
Company details and contact details of the Data Controller:
Name: DRA-CONS Kft.
Headquarters: 1171 Budapest, Laffert utca 3.
Company registration number: 01 09 338051
Name of the registering court:
Tax number: 22763073242
Central telephone number: 06 70 791 7426
Central e-mail: info@greenx.hu
The Data Controller keeps the data protection requests (e-mail) it receives for the period of time specified in the section "Usage and retention period of managed data" as applicable to this data management. After this, they are irrevocably deleted.
Data Protection Officer of the Data Controller
Name: DRA-CONS Kft.
E-mail address: info@greenx.hu
Concept definitions
"personal data": any information relating to an identified or identifiable natural person ("Data Subject"); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person;
"data management": any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or otherwise making available, coordination or connection, limitation, deletion or destruction;
"data controller": the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others; if the purposes and means of data management are determined by EU or member state law, the data controller or the special aspects regarding the designation of the data controller may also be determined by EU or member state law;
"data processor": the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller;
"recipient": the natural or legal person, public authority, agency or any other body to whom or to which the personal data is communicated, regardless of whether it is a third party. Public authorities that have access to personal data in accordance with EU or Member State law in the context of an individual investigation are not considered recipients; the management of said data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of data management;
"third party": the natural or legal person, public authority, agency or any other body that is not the same as the data subject, the data controller, the data processor or the persons who, under the direct control of the data controller or data processor, are authorized to process personal data;
"consent of the data subject": the voluntary, specific, well-informed and clear declaration of the will of the data subject, by which the data subject indicates, by means of a statement or an act clearly expressing confirmation, that he gives his consent to the processing of personal data concerning him;
"profiling": any form of automated processing of personal data in which personal data is used to evaluate certain personal characteristics of a natural person, in particular to analyze or predict characteristics related to work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movement;
"pseudonymisation": the processing of personal data in such a way that, without the use of additional information, it is no longer possible to determine which specific natural person the personal data refers to, provided that such additional information is stored separately and technical and organizational measures ensure that this personal data cannot be linked to identified or identifiable natural persons;
"registry system": the file of personal data in any way – centralized, decentralized or divided according to functional or geographical aspects – which is accessible based on specific criteria;
"data protection incident": a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise handled.
Principles for handling personal data
Personal data:
The data controller is responsible for compliance with paragraph (1) and must be able to demonstrate this compliance ("accountability").
Data controller's data management and the managed personal data
Data requested and/or recorded during registration and purchase:
The scope of those affected: Persons registered in the webshop and persons purchasing in the webshop.
Duration of data management, deadline for deletion of data: The data will be deleted immediately at the express request of the customer. Based on Article 19 of the GDPR, the data controller informs the data subject electronically of the deletion of any personal data provided by the data subject. If the data subject's deletion request also covers the e-mail address he/she has provided, the data controller will also delete the e-mail address after the information has been provided. Accounting documents are an exception, as this data must be kept for 8 years based on § 169 (2) of Act C of 2000 on accounting.
Management of data related to newsletters
Pursuant to § 6 of Act XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activity, the User may expressly and in advance consent to being contacted by the Service Provider with advertising offers and other mailings at the contact details provided during registration. Bearing in mind the provisions of this information, the user of the web store may consent to the Service Provider handling his/her personal data necessary for the sending of advertising offers. The Service Provider does not send unsolicited advertising messages, and the User may unsubscribe from the sending of offers without limitation or justification, free of charge; the Service Provider will respect this and will not send any more advertising messages to the user's e-mail address. Users can unsubscribe from advertisements by clicking on the unsubscribe link in the e-mail message.
Data recorded in connection with the management of newsletters: e-mail address, name, date and time of subscription, date and time of sending newsletters, date and time of opening newsletters and clicking on links in newsletters.
The legal basis for data management: the Data Subject's opt-in consent.
Retention period of the data managed in data management: the data will be retained until the request for deletion of personal data.
Customer relationship, other relationship-related data management
Customers and other users of the web store can contact the Service Provider via the contact details on the contact page of the web store in case of questions arising in relation to the web store or the Service Provider's services and products offered in the web store. The exchange of messages can take place in person, by telephone, by e-mail, or via the contact form of the online store, or through other contacts of the Service Provider, such as Facebook. During the contact, the data protection guidelines set out in this document also apply to the personal data provided by the Data Subject to the Service Provider. The Service Provider keeps the personal data obtained during the contact for a maximum of two years, after which the data is deleted.
The possible data controllers entitled to access the data, the recipients of the personal data: Personal data can be handled by the data controller's sales, marketing and order fulfillment employees in compliance with the above principles.
Description of the rights of data subjects in relation to data processing: The data subject may request from the data controller access to personal data relating to him, their correction, deletion or limitation of processing, and he may object to the processing of such personal data; the data subject also has the right to data portability, as well as the right to withdraw consent at any time.
Access to personal data, their deletion, modification or limitation of processing, portability of data, and objection to data processing can be initiated by the data subject in the following ways:
- by post to the following address: 1171. Budapest, Laffert utca 3.
- by e-mail: info@greenx.hu
- by telephone: 06 20 298 1895
Legal basis for data management:
Data management is necessary for the fulfillment of the resulting contract during orders made using the online store. In order to fulfill the orders, the customer must provide personal data, without which the orders cannot be fulfilled.
The data processors used
Data processors performing home delivery of products
Name and contact information of data processors:
Data processor 1. name, seat, contact details: GLS General Logistics Systems Hungary Kft. - 2351 Alsónémedi, GLS Európa utca 2. Web address: https://gls-group.eu
Data processor 2. name, seat, contact details: PICK PACK POINT - SPRINTER Courier Service Limited Liability Company, 1097 Budapest, Táblás utca 39. E-mail: pickpackpont@sprinter.hu
Activity provided by the data processor: Delivery of products, transport
The fact of the data management, the scope of the managed data: Delivery name, delivery address, telephone number, e-mail address.
Scope of stakeholders: All stakeholders requesting home delivery.
Purpose of data management: Delivery of the ordered products to your home.
Duration of data management, deadline for data deletion: It lasts until the home delivery is completed.
Legal basis for data processing: see the paragraph entitled "Legal basis for data processing" above.
Online payment
Name and contact information of data processors:
Data processor 1. name, location, contact information: OTP Mobil Szolgáltató Kft. (Headquarters: 1143 Budapest, Hungária krt. 17-19.; Cg. 01-09-174466; tax number: 24386106-2-42)
Activity performed by the data processor: Online payment services
The fact of the data management, the scope of the managed data: Billing name, billing address, e-mail address.
Scope of stakeholders: All stakeholders using online payment options.
Purpose of data management: Online payment processing, transaction confirmation and fraud monitoring for the protection of users. The nature and purpose of the data processing activity carried out by the data processor can be found in the SimplePay Data Management Information Sheet, at the link below: http://simplepay.hu/vasarlo-aff
Duration of data management, deadline for data deletion: Lasts until the online payment is completed.
Legal basis for data processing: see the paragraph entitled "Legal basis for data processing" above, as well as § 13/A (3) of Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society.
Data processor 2. name, seat, contact details: Barion Payment Zrt., an institution under the supervision of the Magyar Nemzeti Bank, license number: H-EN-I-1064/2013.
Activity provided by the data processor: Online payment services
The fact of data management, the scope of the data handled: Invoicing name, billing address, e-mail address.
Scope of stakeholders: All stakeholders using online payment options.
Purpose of data management: Conducting online payments, confirming transactions and fraud monitoring to protect users. The nature and purpose of the data processing activity carried out by the data processor in the Data Management Information.
Duration of data management, deadline for data deletion: Lasts until the online payment is completed.
Legal basis for data processing: see the paragraph entitled "Legal basis of data processing" above, as well as § 13/A (3) of Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society.
Hosting provider
Name and contact information of the data processor: Shopmasters-Informatika Kft.
Headquarters: 2200 Monor, Ady Endre u. 24.
Email: tarhley (at) shopstart.hu
Phone: +36 30 414-7763
Activity provided by data processor: Storage service
The fact of the data management, the scope of the managed data: Storage of all personal data provided by the data subject.
Scope of stakeholders: All stakeholders who use the online store.
Purpose of data management: Making the online store available and operating it properly. The data processor does not use the personal data for its own purposes; they are processed only in the most necessary cases at the request of the data controller.
Duration of data management, deadline for data deletion: Data management lasts until the termination of the agreement between the data manager and the storage provider, or until the deletion request addressed to the storage provider by the data subject.
Legal basis for data processing: see the paragraph entitled "Legal basis for data processing" above, as well as § 13/A (3) of Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society.
Management of cookies
The role of cookies
A cookie is a small data package that the server hosting the visited website creates through the client's web browser during the first visit, if this is enabled in the browser. Cookies are stored on the user's computer in a predetermined location that varies by browser type. During subsequent visits, the browser returns the stored cookie to the web server, along with various information about the client. With the help of cookies, the server is able to identify the given user, to collect various information about him and to analyze it.
The main functions of cookies:
By using cookies, the Data Controller carries out data management, the main objectives of which are:
The legal basis for data management: the use of cookies and session cookies necessary for the technical operation of the webshop, which do not contain personal data, is automatic; in other cases it is based on the Data Subject's opt-in consent.
The purpose of data management: operation of the website, making purchases possible, measuring visitor traffic.
Possible consequences of not providing data: without the cookies necessary for the basic operations of the online store, some functions of the online store cannot be accessed.
Data managed in data management: session ID
The expiration date of the cookies: PHP session cookies expire 24 minutes after the end of the session; the expiration date of the cookie that does not contain personal data belonging to the list of the last viewed products is 6 months.
Analytical cookies placed by third parties
The Data Controller also uses third-party cookies from Google Analytics on its website. By using the Google Analytics service for statistical purposes, the Data Controller's server collects information about how visitors use the website. The data is used for the purpose of developing the website and improving the user experience. These cookies also remain on the visitor's computer or other device used for browsing, in their browser, until they expire, or until the visitor deletes them.
The legal basis for data management: the Data Subject's opt-in consent.
The purpose of the data management: to measure the visitor traffic of the online store, to monitor and measure SEO and marketing activities.
Possible consequences of the failure to provide data: the failure to use analytical cookies has no impact on the functioning of the online store.
The data managed in data management: the IP address of the visitor, the source of the visit, the data of his browser and operating system, the subpages visited by the visitor.
Expiry date of cookies: 2 years.
Option to disable cookies and set cookie-related rules
The Data Subject has the option to set rules for certain types of cookies, e.g. to avoid the use of cookies, to disable cookies, etc., with the appropriate settings of the browser used. Information on the options for setting the selective or general prohibition of cookies can be found in the "Help" menu of the given browser.
With the help of these cookies:
The "Help" function in the menu bar of most browsers provides information on how to use cookies in the browser:
The physical storage locations of the data
The data controller stores the personal data in its integrated IT system. The elements of the system are located in the following geographical and physical locations:
- The headquarters of the company of the data controller;
- The physical location of the server room of the server provider used by the hosting provider;
The IT storage method and logical security of the data
The data manager and the data processor implement appropriate technical and organizational measures, taking into account the state of science and technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of data management, as well as the variable probability and severity of the risk to the rights and freedoms of natural persons, to guarantee a level of data security appropriate to the degree of risk. The data controller primarily handles personal data on a properly constructed and protected IT system. During the operation of the IT system, it ensures the appropriate level of the basic information security attributes of the data stored, processed and transmitted on it, such as the managed data:
Data controller for the processed data:
protects it with a structured system of protection measures. The data controller develops and operates the system of protection measures and the protection levels of the individual protection measures in proportion to the risks arising as a result of threats to the data to be protected. From a data protection point of view, the protective measures are primarily aimed at protection against accidental or intentional deletion, unauthorized access, intentional and bad faith disclosure, accidental disclosure, data loss, data destruction.
Rights of Data Subjects
The Data Subject's right of access
The Data Subject has the right to receive feedback from the data controller as to whether his personal data is being processed, and if such data processing is underway, he is entitled to receive access to the personal data and the following information:
The Data Controller provides the Data Subject with 1 copy of the personal data that is the subject of data management. For additional copies requested by the Data Subject, the Data Controller may charge a reasonable fee based on administrative costs. If the Data Subject submitted the request electronically, the Data Controller will provide the information in a widely used electronic format, unless the Data Subject requests otherwise, within a maximum of 30 days from the date of submission.
Right to rectification
The Data Subject is entitled to request that the Data Controller correct inaccurate personal data relating to him without undue delay, and he is also entitled to request the addition of incomplete personal data, taking into account the purpose of the data management.
Right to erasure
The Data Subject has the right to request that the Data Controller delete the personal data concerning him without undue delay, and the Data Controller is obliged to delete the personal data concerning the Data Subject without undue delay if one of the following reasons exists:
Data deletion cannot be initiated if data management is necessary:
The right to restrict data processing
At the Data Subject's request, the Data Controller restricts data processing if one of the following conditions is met:
If data management is subject to restrictions, personal data may only be processed with the consent of the Data Subject, with the exception of storage, or to submit, enforce or defend legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the Union or a member state.
Right to object
The Data Subject has the right to object to the processing of his personal data at any time for reasons related to his own situation, including profiling based on the aforementioned provisions. In this case, the Data Controller may no longer process the personal data, unless the Data Controller proves that the data processing is justified by compelling legitimate reasons that take precedence over the interests and rights of the Data Subject, or that are related to the submission, enforcement or defense of legal claims.
Automated decision-making in individual cases, including profiling
The Data Subject has the right not to be subject to a decision based solely on automated data management, including profiling, which would have legal effects on him or affect him to a similar extent.
Right of withdrawal
The Data Subject has the right to withdraw his consent regarding his personal data at any time.
Remedies
In the event of a violation of their rights, the Data Subject may request information, remedy, or file a complaint at the contact details of the Data Protection Officer specified in this document. If these are ineffective, the Data Subject is entitled to go to court or contact the National Data Protection and Freedom of Information Authority.
National Data Protection and Freedom of Information Authority (NAIH) contact information
Name: National Data Protection and Freedom of Information Authority (NAIH)
Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, Pf.: 5.
Tel: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu
Data protection incident
If a data protection incident occurs and it likely involves a high risk for the rights of natural persons, the data controller shall inform the data subject of the data protection incident without undue delay. In the event of a data protection incident, the service provider provides information to those affected during the incident, giving the date of the data protection incident, the scope of the affected data, the consequences following and/or likely from the incident, the measures taken or planned to remedy the data protection incident, and the contact information of the data protection officer for the purpose of providing further information.
Other provisions
For archival, scientific and historical research or statistical purposes based on public interest; for the presentation, enforcement and defense of legal claims. When requested by the authorities or authorized by law, the Service Provider is obliged to provide information, communicate and transfer data, and make documents available. In these cases, the Service Provider only releases personal data to the requester, provided he has specified the exact purpose and the scope of the data, to the extent that is absolutely necessary to achieve the purpose of the request. We provide information on data management not listed in this information when the data is collected.
Data transfer declaration for OTP SimplePay online bank card payment
I understand that my personal data stored in the user database of https://www.greenx.hu by the data controller of the Greenx online store - DRA-CONS Kft. (1171. Budapest Laffert u. 3.) will be transferred to OTP Mobil Kft., as a data processor. The range of data transmitted by the data controller is as follows: name, e-mail address, telephone number, billing address data and delivery address data. http://simplepay.hu/vasarlo-aff