By using our website, you consent to the use of cookies in accordance with the Cookie Policy.
Menu
Your are here: > Home >

Privacy Policy

Privacy Policy

I.General part

Who processes your personal information? Who is the data controller?

During the processing of your personal data, Tápfutár Webáruház Zrt. (hereinafter referred to as: Data Controller) acts as a data controller.

What are the contact details of the data controller?

Seat: Hofherr Albert utca 42., 1194 Budapest

Phone: +36 30 / 235 6737

Email address: order@biogenicpetvitality.eu

What data is considered personal data?

Personal data is any information about an identified or identifiable natural person (data subject); identifies a natural person who, directly or indirectly, in particular by reference to an identifier such as name, number, location, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable.

What personal information falls into special categories of personal information?

Special categories of personal data include personal data referring to racial or ethnic origin, political opinion, religious or philosophical beliefs or trade union membership, as well as genetic and biometric data for the unique identification of natural persons, health data and the sexual life or sexual orientation of natural persons.

Who can be considered as data subject?

In particular, the controller may process the personal data of the following natural persons:

  • Registrants on the website of the Data Manager https://www.biogenicpet.hu/teremek/biogenicpet-vitality and its subdomains,
  • Visitors to the data controller's website,
  • Customers in a web store operated by a data controller,
  • Newsletter subscribers,
  • Event registrants and participants
  • Practitioners of their right of withdrawal and warranty,
  • Complainants,

What are the most important laws and regulations regulating the data processing activities of the Data Controller?

Data processing is primarily regulated by the following laws:

  • Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or GDPR)
  • Act CXII of 2011 on Informational Self-Determination and Freedom of Information ("Privacy Act")
  • Act V of 2013 on the Civil Code
  • Act C of 2000 on accounting

 According to which principles carries out the Data Controller its data processing activities?

The data controller shall process the data in accordance with the following principles, taking the necessary measures to enforce these principles so that the processing of personal data

(a) it is dealt with lawfully, fairly and on an appropriate legal basis (legality, fairness and transparency);

(b) collected only for specified, explicit and legitimate purposes and not treated in a way incompatible with those purposes,

(c) be appropriate and relevant to the purposes of the data processing and limited to what is necessary (data saving);

(d) be accurate and, where necessary, kept up to date; where possible, inaccurate personal data shall be deleted or rectified without delay (accuracy),

(e) stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data should be stored for a longer period only for statistical purposes, subject to appropriate technical and organizational measures (limited storage capacity),

(f) processed in such a way as to ensure adequate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage (integrity and confidentiality), using appropriate technical or organizational measures;

(g) is aware of its responsibility for compliance with the above principles and is able to demonstrate compliance (accountability).

 

For what purpose, what personal data, on what legal basis and for how long does the Data Controller process the data?

The Special Part of this privacy policy describes the purpose, the scope of personal data, the legal basis and the duration for which the Data Controller processes data.

 

Does Data Controller use automated decision-making or profiling?

The Data Controller does not use automated decision-making and does not create a profile of the data subjects from the data available.

 

 

What rights are data subjects are entitled to?

The Data Controller shall ensure the exercise of the following rights of data subjects by cooperating with data subjects in the exercise of those rights, provided that Union or Member State law applicable to the data controller may restrict the rights of the data subject to the necessary and proportionate extent if the protection of the rights or freedoms of data subject or others are necessary or in order to enforce civil claims (GDPR Article 23):

a) right to information:

In accordance with the principle of fair and transparent data process, it shall provide the data subject with the information required by law, as specified in the legislation.

The Data Controller shall make the information required by law available to the data subject even if the personal data were not obtained from the data subject, unless the personal data are required to remain confidential under a professional secrecy obligation under Union or Member State law, including legal confidentiality.

b)      right to access:

the data subject is entitled to receive feedback from the Data Controller as to whether the processing of his or her personal data is in progress and, if so, to obtain access to the personal data and the information specified by law. The Data Controller shall make a copy of the personal data subject to data processing available to the data subject once, free of charge. The Data Controller may charge a reasonable fee based on administrative costs for additional copies requested by the data subject. If the data subject has submitted the request electronically, the information shall be provided by the Data Controller in a widely used electronic format, unless otherwise requested by the data subject.

The right to request a copy must not adversely affect the rights and freedoms of others (in particular a person who is a data subject's customer enforcing a civil claim),

c)       right to withdraw consent:

if the legal basis for the processing is the data subject's consent, the data subject may withdraw his or her consent to the data processing at any time, but the withdrawal of the consent shall not affect the lawfulness of the consent-based data processing prior to the withdrawal. The Data Controller may also process personal data for the purpose of fulfilling its legal obligations or enforcing its legitimate interests after the withdrawal of consent, if the enforcement of the interest is proportionate to the restriction of the right to the protection of personal data,

d)      right to rectification:

the data subject may request the Data Controller to correct the inaccurate personal data concerning him / her without undue delay or supplement his / her incomplete personal data,

e) right to deletion:

the data subject may request that Data Controller deletes personal data concerning him or her without undue delay, which may be refused only in cases provided for by law, in particular if the processing is necessary under EU or Member State law governing the processing of personal data or for the purpose of fulfilling an obligation under this Regulation or for bringing, enforcing or defending legal claims. If the data management obligation is prescribed by law, the Data Controller may not delete the data of the data subject,

f) right to forget:

this right imposes an obligation on the Data Controller – if the personal data was published and due to exercising the right to deletion such data shall be deleted -  by taking into consideration the costs for implementation and the available technology to take reasonable steps (including technical measures) to inform the data controllers that the data subject has requested the deletion of links to the personal data in question or of a copy or duplicate of such personal data,

g) right to restriction:

the data subject is entitled to restrict the data processing upon the request of the Data Controller if

- the data subject disputes the accuracy of the personal data (in this case, the restriction applies to the period of time that allows the Data Controller to verify the accuracy of the personal data),

- the processing is unlawful and the data subject opposes the deletion of the data and instead requests that their use be restricted,

- the Data Controller no longer needs the personal data for the purpose of data processing, but the data subject requests them in order to submit, enforce or protect legal claims, or

- the data subject has exercised his or her right to protest against the data processing (in this case, the restriction applies for as long as it is established whether the data controller's legitimate reasons take precedence over the data subject's legitimate reasons),

h) the right to be informed of the recipients informed of the rectification, erasure or restriction of the processing of personal data:

the Data Controller shall inform all recipients to whom or with whom the personal data have been communicated of the rectification, deletion or restriction of the processing of personal data on the request concerned, unless this proves impossible or requires a disproportionate effort. Upon the request of the data subject, the Data Controller shall inform these recipients,

i)        right to data portability:

if the legal basis for the processing is the data subject's consent or the performance of the contract and the processing of personal data is automated, the data subject is entitled to:

- receiving the personal data concerning him / her made available to the Data Controller in a structured, widely used, machine-readable format,

- transferring this data to another data controller without being hindered by the Data Controller,

- if this is technically feasible, requesting the Data Controller to transfer personal data directly between data controllers,

j)        right to protest:

the data subject is entitled at any time to object, to the processing of his or her personal data necessary for the performance of a task performed in the legitimate interests of the Data Controller or a third party due to reasons related to his or her own situation. In this case, the Data Controller shall not be entitled to further process the personal data, unless it proves that the data processing is justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the data subject or which relate to the submission, enforcement or protection of legal claims.

k) right to remedy:

if, in the opinion of the data subject, the processing of personal data concerning him or her violates the legal requirements, he or she may file a complaint with the data protection supervisory authority or is entitled to legal remedy.

 

 

How can the data subject submit requests for data processing, withdrawal of a given consent to data processing?

The data subject is entitled to submit request

via post to the following address: Tápfutár Webáruház Zrt , Hofherr Albert utca 42., 1194 Budapest,

in person at the seat of the Data Controller: Tápfutár Webáruház Zrt , Hofherr Albert utca 42., 1194 Budapest),

via phone +36 30 / 235 6737

via e-mail: order@biogenicpetvitality.eu

 

Handling of the data subjects’ request

The Data Controller shall inform the data subject of the action taken on his or her request within one month of receiving the request submitted by the data subject. If necessary, this period may be extended by a further two months. The Data Controller shall inform the data subject of the extension of the deadline - within one month from the receipt of the request -, indicating the reasons for the delay.

If the data subject has submitted the request electronically, the Data Controller shall, if possible, provide the information electronically, unless the data subject requests otherwise.

If the Data Controller does not take action on the data subject's request, he / she shall inform the data subject within one month from the receipt of the request about the reasons for the not taking actions and of the data subject's right to lodge a complaint with a supervisory authority.

 

Joint data management

The Data Controller does not perform joint data management activities.

 

What kind of data processor does the data controller use?

The Data Controller is entitled to use data processing service to process the processed personal data.

A processor is a natural or legal person, public authority, agency or any other body that processes personal data on behalf of the controller.

The Data Controller shall only use a data processor who provides sufficient guarantees for the implementation of appropriate technical and organizational measures to ensure that the data processing complies with legal requirements and protects the rights of the data subjects.

The data processor may not use an additional data processor without the prior written ad hoc or general authorization of the Data Controller.

The Data Controller uses the data processing services of the following companies:

  • [name, seat / address, company registration number, activity of the data processor]
  • ALPHA-VET Kft.. 1194 Budapest, Hofherr Albert 42., 01-09-730169, administration, booking
  • ShopRenter.hu Kft, 4028 Debrecen, Kassai út 129., 09-09-020636, website service
  • GLS General Logistics Systems Hungary Kft., 2351 Alsónémedi, GLS Európa utca 2., 13-09-111755, transport activity

In addition to the above, the Data Controller is entitled to use other data processors (e.g. translator, financial expert) for the performance of a given order, about which it informs the data subject individually during the execution of the order.

Are the processed personal data transferred to a third country by the Data Controller?

The Data Controller does not regularly transfer personal data to a third country; in case of an eventual individual data tranfer, the data subjects will be separately informed, accordance with the section of „What rights are data subjects are entitled to”?

 

What measures are taken by the Data Controller to protect the data?

The Data Controller shall protect the processed personal data by technical and organizational measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction, damage and inaccessibility due to changes in the technology used. In this context, among other things

  • access to data stored in the corporate governance and document management system is only possible with a password and appropriate authorization,
  • the use of computer equipment is subject to unique password,
  • the IT system is regularly audited for data protection and IT security,
  • protection against malware is provided,
  • physical access protection measures (building partitioning, access, door closing) are applied,
  • an intrusion detection system is used,
  • personal security measures are implemented,
  • adequate resources for the performance of tasks are provided, awareness of the importance and requirements of data security in relation to its employees are raised,
  • fire protection equipment, fire alarm is used,
  • access to documents is logged,
  • it is backed up to a separate data storage.

 

In order to protect the data files processed electronically in its various registers, the Data Controller shall ensure by an appropriate technical solution that the stored data - unless permitted by law -, cannot be directly linked and assigned to the data subject.

Who shall be responsible for the damage caused by the processing of personal data?

The Data Controller shall be liable for the damage caused by the unlawful processing of personal data or the violation of data security requirements, for the violation of the personal rights of the data subject, and if the violation is acknowledged or legally established, the damage shall be compensated. In the event of a violation of the data subject's right to privacy, the data subject may claim damages (Section 2:52 of Act V of 2013 on the Civil Code). The Data Controller is also liable for the damage caused by its engaged data processor.

The Data Controller shall be released from liability in case of proving that it shall not be liable in any way for the event that caused the damage.

What remedies are available to you in relation to data process?

In connection with the lawfulness of data processing, the data subject is entitled to initiate the procedure of the National Data Protection and Freedom of Information Authority (Falk Miksa utca 9-11. 1055 Budapest, Postal address: 1363 Budapest, Pf. 9., website: www.naih.hu, phone: +36 (1) 391 -1400, fax: +36 (1) 391-1410, central e-mail address: ugyfelszolgalat@naih.hu) or, at your choice, you may initiate a legal proceeding in front of the court of your address (domicile) or the Data Controller's registered office. You can find the court of your place of residence or temporary address at  http://birosag.hu/ugyfelkapcsolati-portal/birosag-kereso.

In the absence of such obligation, a Data Protection Officer was not appointed by the Data Controller.

II. Special Part

II/1. Processing personal data required for registration on the website

Purpose of the data process

Creation of an account with registration

Processed personal data

Name, password, home address, location, email address, username

Legal basis of the data processing

consent (Article 6 Point 1) a) of GDPR)

Duration of the data processing

Until your consent is revoked or your registered account is deleted

Information / source of data on the provision of data by the data subject

in the absence of data provision, creating a registered account and placing an order is not possible

 

II/2. Data processed in connection with an order in a webshop

Purpose of the data process

Fulfilling an order in a webshop

Processed personal data

Name, password, date of birth, home address, location, email address, username, shipping address]

Legal basis of the data processing

performance of the contract (Article 6 Point 1) b) of GDPR)

Duration of the data processing

Equal to the limitation period, which is 5 years

Information / source of data on the provision of data by the data subject

in the absence of data provision, you cannot place an order in our Webshop

 

II/3. Personal data processed during accounting procedures

Purpose of the data process

Performance of accounting obligations

Processed personal data

personal data processed in connection with the fulfilment of accounting obligations

Legal basis of the data processing

Performance of legal obligation (Article 6 Point 1) c) of GDPR and Act on the Rules of Taxation and act on Accounting)

Duration of the data processing

The period specified in the effective laws, currently 8 years.

Information / source of data on the provision of data by the data subject

the provision of data is based on a legal obligation.

 

II/4. Complaint handling

Purpose of the data process

Complaint handling and investigation

Processed personal data

Name, password, date of birth, address, e-mail address, all information in the complaint

Legal basis of the data processing

Performance of legal obligation of the data processor (Article 6 Point 1) c) of GDPR and paragraphs (5) and (7) of Section 17/A.  on consumer protection

Duration of the data processing

5 years

Information / source of data on the provision of data by the data subject

You can not exercise your consumer rights.

 

II/5. Registration to newsletter

Purpose of the data process

Sending a newsletter about news

Processed personal data

Name, e-mail address, date of birth

Legal basis of the data processing

Consent

(Article 6 Point 1) a) of GDPR, and paragraph 1) Section 6 of Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities as well as Act  CVIII of 2001

Duration of the data processing

Until the consent is revoked.

Information / source of data on the provision of data by the data subject

You will not longer receive our newsletters.

II/6. Cookies used on the website

Purpose of the data process

Enhancing user experience

Processed personal data (in order)

1.       CookieConsent

2.       ssupp.vid

3.  _ga

4.       _gat

5.       _gid

6. ssupp.visits

7. VISITOR_INFO1_LIVE

Legal basis of the data processing

Consent

(Article 6 Point 1) a) of GDPR, and legitimate interest (Article 6 Point f)

Duration of the data processing (in order)

1. 1 year

2. 6 months

3. 2 years

4. 1 day

5. 1 day

6. 6 months

7. 179 days

Information / source of data on the provision of data by the data subject

1. Stores the user's cookie consent state for the current domain

2. Necessary for the functionality of the website's chat-box function.

3. Preserves users states across page requests.

4. Used by Google Analytics to throttle request rate.

5. Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

6. Identifies the last page visited by the visitor. This is used in order to make the chat-box function more relevant.

7. Tries to estimate the users' bandwidth on pages with integrated YouTube videos.

 

II/7. Return of products

Purpose of the data process

Performing the return of products in case of exercising the right of withdrawal

Processed personal data

Name, password, date of birth, home address, location, e-mail address, other data recorded in the handover protocol]

Legal basis of the data processing

Performance of legal obligation

(Article 6 Point a) of GDPR, and legitimate interest (Article 6 Point f)

Duration of the data processing

5 years

Information / source of data on the provision of data by the data subject

The source of the data is the data subject. If you do not provide your details, you will not be able to exercise your right of withdrawal.

Search