Adatkezelési tájékoztató

PRIVACY POLICY

 

Part I
Introduction

 

KAP International Limited Liability Company (abbreviated name: KAP International.; company registration number: 01-09-380292, tax number: 23984419-1-41, registered office: 1021 Budapest, Hűvösvölgyi street 64-66.; hereinafter: Data Controller) by publishing this Notice, it takes measures to comply with the following legislation with the aim of providing natural persons involved in the processing of personal data (partners of the Data Controller, hereinafter: data subjects) in a concise, transparent, comprehensible and easily accessible form, communicate in a clear and comprehensible manner, as well as help those concerned to exercise their rights contained in this Notice.

 

The data controller considers the protection of the personal data of the data subjects and the respect of the data self-determination rights of the data subjects to be of utmost importance. The data controller treats personal data confidentially and takes all security, technical and organizational measures that guarantee the security of the data.

 

The processing of personal data is based on the following legislation:

 

CXII of 2011 on the right to information self-determination and freedom of information. Act (hereinafter: Infotv.),

Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and the free flow of such data, as well as the repeal of Regulation 95/46/EC (General Data Protection Regulation) ( hereinafter: GDPR),

CVIII of 2001 Act - on certain issues of electronic commercial services and services related to the information society (Eker. tv.);

XLVIII of 2008 Act - on the basic conditions and certain limitations of economic advertising activity (Grt.).

 Part II.
Basic data

 

  1. The data controller:

Company name: KAP International Limited Liability Company

registered office: 1021 Budapest, Hűvösvölgyi út 64-66

Company registration number: 01-09-380292

Registered by: Company Court of the Capital City Court

Tax number: 23984419-1-41

represented by Zoltán Faragó, managing director

E-mail: zoltanfarago@kapprocessing.com

Website: https://kapprocessing.com

 

  1. The Data Processor:

The Data Controller may use a Data Processor during the data management activities set out in this information sheet.

If there is a change in the person of the data processor(s), the Data Controller will inform the data subjects about this – about the modification of the information.

 

Data processor name

Data processor availability

Data processing activity

 

 

hosting service

 

  1. Modification and scope of this information

The data manager reserves the right to change this information unilaterally, without time limit, and will notify those affected by the data management of any changes in a timely manner. Amendments to the data management information sheet may become necessary primarily for the sake of legal compliance.

This information is valid until withdrawn, and its scope extends to the officers, employees, data protection officer (if any) of the Data Controller; and to all those concerned whose personal data is managed by the Data Controller.

The Data Controller will ensure that this information is reviewed and updated as necessary. If the Data Controller intends to carry out further data processing of the personal data for a purpose other than the purpose of their collection, it shall inform the Data Subject of this and obtain their prior, express consent, or provide them with the opportunity to prohibit the use.

 

  1. Definitions

During the activities related to data management, as well as in this information, the Data Controller himself uses the terms used in Infotv. and GDPR.

 

Part III.
Management of personal data

 

1. Data management related to sending newsletters and marketing messages

 

Visitors to the Data Controller's website have the opportunity to subscribe to the newsletter, in which case they will be informed about the latest sales and promotions.

 

Managed personal identification data

Legal title (legal basis)

Purpose of data management

Name

Consent of the data subject (GDPR Article 6 (1) point a)

sending a newsletter

e-mail address

Consent of the data subject (GDPR Article 6 (1) point a)

sending a newsletter

 

Duration of data management: The data manager processes the collected personal data for a maximum of 8 (eighth) days after the data subject has withdrawn his consent to data management or requested the deletion of the data.

 

The consequence of refusing consent is that the patient cannot be booked for the requested examination, and the service will not be provided for him at the agreed time. Providing the telephone number is not mandatory, failure to do so will result in the Data Controller not being able to inform the data subject of a possible time change.

 

2. Data management during contact

 

Data management is carried out if you contact us with a question about a product by email, contact form or by phone. Prior contact is not mandatory, you can skip this and order from the webshop at any time.

 

Managed personal identification data

Legal title (legal basis)

Purpose of data management

Name

Consent of the data subject (GDPR Article 6 (1) point a)

clarification of questions arising during contact initiated by the customer concerned

e-mail address

Consent of the data subject (GDPR Article 6 (1) point a)

clarification of questions arising during contact initiated by the customer concerned

 

Duration of data management: The data manager processes the collected personal data for a maximum of 8 (eighth) days after the data subject has withdrawn his consent to data management or requested the deletion of the data. The processed personal data will be deleted within 30 days after the end of the contact.

 

The consequence of refusing consent is that the buyer who initiated the contact will not receive any answers to their questions. Providing the telephone number is not mandatory, failure to do so will result in the Data Controller not being able to call the data subject back for later consultation.

 

3. Registration on the website

 

By storing the data entered during registration, the Data Controller can provide a more convenient service (e.g. the data subject does not have to be entered again when making a new purchase). Registration is not a condition for concluding a contract.

 

 

Managed personal identification data

Legal title (legal basis)

Purpose of data management

Name

Consent of the data subject (GDPR Article 6 (1) point a)

completing the registration on the website in order to order later more flexibly, in case of placing an order, carrying out the delivery, identifying the customer.

e-mail address

Consent of the data subject (GDPR Article 6 (1) point a)

completing the registration on the website for more flexible ordering later, confirming the order in case of placing it, identifying the customer

Address

Consent of the data subject (GDPR Article 6 (1) point a)

completing the registration on the website in order to order later more flexibly, in case of placing an order, carrying out the delivery, identifying the customer.

Phone number

Consent of the data subject (GDPR Article 6 (1) point a)

completing the registration on the website in order to order later more flexibly, in case of placing an order, carrying out the delivery, identifying the customer.

 

Duration of data management: The data manager processes the collected personal data for a maximum of 8 (eighth) days after the data subject has withdrawn his consent to data management or requested the deletion of the data. By deleting the registered profile, the Data Controller deletes the managed personal data.

 

The consequence of refusing consent is that registration cannot be completed and a unique profile cannot be created on the website.

 

4. Order processing

 

During the processing of orders, data management activities are necessary in order to fulfill the contract.

 

 

Managed personal identification data

Legal title (legal basis)

Purpose of data management

Name

Consent of the data subject (GDPR Article 6 (1) point a)

Fulfillment of an online purchase or sales contract submitted via a website; fulfillment of a rental agreement

e-mail address

Consent of the data subject (GDPR Article 6 (1) point a)

Fulfillment of an online purchase or sales contract submitted via a website; fulfillment of a rental agreement

Address

Consent of the data subject (GDPR Article 6 (1) point a)

Fulfillment of an online purchase or sales contract submitted via a website; fulfillment of a rental agreement

Phone number

Consent of the data subject (GDPR Article 6 (1) point a)

Fulfillment of an online purchase or sales contract submitted via a website; fulfillment of a rental agreement

 

In the case of an order, the Data Controller manages the characteristics of the purchased product, the order number and the date of purchase.

 

Duration of data management: The data manager processes the collected personal data for 5 years according to the civil law statute of limitations.

 

The consequence of refusing consent is that the order cannot be fulfilled, and the sales contract between the Data Subject and the Data Controller is not created.

 

 

5. Issue of an invoice

 

The data management process takes place in order to issue an invoice in accordance with the legislation and to fulfill the obligation to preserve accounting documents. The Sztv. Pursuant to § 169, paragraphs (1)-(2), economic companies must keep the accounting documents directly and indirectly supporting the accounting.

 

Managed personal identification data

Legal title (legal basis)

Purpose of data management

Name

Fulfilling a legal obligation (GDPR Article 6 (1) point c)

CXXVII of 2007 on VAT. Completion of mandatory invoicing according to § 159, paragraph (1).

Address

Fulfilling a legal obligation (GDPR Article 6 (1) point c)

CXXVII of 2007 on VAT. Completion of mandatory invoicing according to § 159, paragraph (1).

 

Duration of data management: The data manager manages the collected personal data for 8 years based on § 169 (2) of Act C of 2000 on accounting.

 

The consequence of refusing consent is that the order cannot be fulfilled, and the sales contract between the Data Subject and the Data Controller is not created.

 

6. Data management related to the delivery of goods after the payment of the order

 

The data management process takes place in order to deliver the ordered product.

 

Managed personal identification data

Legal title (legal basis)

Purpose of data management

Name

Fulfillment of the contract (GDPR Article 6 (1) point b)

Delivery and delivery of the ordered product to the Data Subject.

Address

Fulfillment of the contract (GDPR Article 6 (1) point b)

Delivery and delivery of the ordered product to the Data Subject.

Phone number

Fulfillment of the contract (GDPR Article 6 (1) point b)

In order to deliver and hand over the ordered product to the Data Subject, contact is established for the purpose of negotiating the details of the delivery.

E-mail address

Fulfillment of the contract (GDPR Article 6 (1) point b)

In order to deliver and hand over the ordered product to the Data Subject, contact is established for the purpose of negotiating the details of the delivery.

 

Duration of data management: The Data Controller manages the data until the delivery of the ordered goods.

 

The consequence of refusing consent is that the order cannot be fulfilled, and the ordered product(s) cannot be delivered to the Affected customer.

 

The Data Subject acknowledges that the delivery of the order is carried out by an external agent (GLS General Logistics Systems Hungary Kft.), who qualifies as a data processor. The courier service contributes to the delivery of the ordered goods based on the contract concluded with the Data Controller. The courier service handles the personal data received in accordance with the data management information available on its website.

 

Part IV.
OTHER DATA MANAGEMENT ISSUES

 

  1. The right to withdraw consent:

 

Data processing based on consent can only take place if the person concerned gives his voluntary, specific, informed and clear consent to the processing of data by means of a clear affirmative act, for example a written – including electronic means – or oral statement. Silence, a pre-ticked box, or inaction does not constitute consent. Consent is also considered if a data subject makes a statement or action that clearly indicates the consent of the person concerned to the processing of his personal data in the given context.

If the data management is based on consent, the data controller must be able to prove that the data subject has consented to the processing of his personal data. If the data subject gives his consent in the context of a written statement that also applies to other matters, the request for consent must be communicated in a way that is clearly distinguishable from these other matters. The data subject has the right to withdraw his consent at any time. Withdrawal of consent does not affect the legality of data processing based on consent prior to withdrawal. Before giving consent, the data subject must be informed of this. It should be possible to withdraw consent in the same way as to give it.

 

Conditions for the child's consent in relation to services related to the information society:

If point a) of Article 6 (1) of the GDPR is the legal basis for data management, the processing of personal data in relation to information society-related services offered directly to children is legal if the child has reached the age of 16. In the case of a child under the age of 16, the handling of the children's personal data is legal only if and to the extent that the consent was given or authorized by the person exercising parental supervision over the child.

The data controller - taking into account the available technology - makes reasonable efforts to verify in such cases that the consent was given or authorized by the exerciser of parental custody over the child.

The data controller informs those concerned that it does not provide information society-related services offered directly to children.

 

Personal data is voluntarily made available to the Data Controller by the Data Subject, which is why when providing the data, care must be taken gradually to ensure their veracity, correctness and accuracy, because the Data Subject is responsible for them. Incorrect, inaccurate or incomplete data can be an obstacle to using the Data Controller's services.

 

In order to fulfill a legal obligation or assert a legitimate interest, the Data Controller may process certain data even after the withdrawal of consent, and informs the data subject of this upon withdrawal of consent.

 

  1. The following are entitled to access the data:

The Data Controller, as well as its employees, as well as the participating persons who have a legal relationship with the Data Controller for the purpose of providing services, are only entitled to access personal data in connection with the performance of their tasks, for the purpose of the effective performance of the activity and only to the extent necessary for this.

In the case of handling special data, the data controller or the data processor acting on his behalf or at his direction shall ensure with appropriate technical and organizational measures that, during the performance of the data management operations, access to the special data shall be granted only to those whose duties are absolutely necessary for the performance of the tasks related to the data management operation.

 

The court, the prosecutor's office and other authorities (e.g. police, tax office, National Data Protection and Freedom of Information Authority) may contact the Data Controller for the purpose of providing information, communicating data or making documents available. In these cases, the obligation to provide data must be fulfilled, but only to the extent absolutely necessary to achieve the purpose of the request.

 

  1. Data transmission: The Data Subject's data are only transmitted within the framework defined by law, and in the case of data processors, the Data Controller ensures by stipulating contractual conditions that they cannot use the Data Subject's personal data for purposes contrary to the Data Subject's consent.

The data manager does not transfer data abroad.

 

  1. Data security

By applying technical and organizational measures appropriate to the level of risk, the data controller ensures the security of the data of the data subjects, the protection against unauthorized or illegal processing, accidental loss, destruction or damage of the data, including ensuring the confidentiality, integrity and availability of the IT systems and tools used to manage personal data. and resilience. To this end, the data controller uses IT tools, especially firewalls, encryption, and physical protection devices in its systems, and also provides physical protection to all locations where the data is accessible. When determining and applying measures for data security, the Data Controller takes into account the state of the art at all times. More possible data management tries to choose the solution that ensures a higher level of protection of personal data, unless it would pose a disproportionate difficulty for the Data Controller.

 

The Data Controller ensures that no one other than the Data Controller's employees can enter the location of the personal data stored on paper, the area closed from other patients and visitors.

 

Those in a legal relationship with the Data Controller are only entitled to enter the computer system based on their own, unique code, and are only entitled and able to access the personal data of those concerned with whom they themselves came into direct contact.

 

In the event of a breakdown, the resources are available, with the help of which the elimination can be carried out quickly, efficiently and in the expected manner, compared to the extent of the breakdown.

 

all data belonging to the special categories of personal data, i.e. personal data referring to racial or ethnic origin, political opinion, religious or worldview beliefs or trade union membership, as well as genetic data, biometric data for the unique identification of natural persons, health data and natural personal data concerning the sex life or sexual orientation of persons

 

Part V
Rights of the affected parties, legal remedies

 

 

The data subject may exercise the rights granted to him in this information sheet and in the legislation at any of the contact details of the Data Controller indicated in this information sheet (Part II).

 

The rights of the data subject

  1. Right to request information (right of access)

You are entitled to receive feedback from the Data Controller as to whether your personal data is being processed, and if it is being processed, you are entitled to:

  • get access to the managed personal data and
  • inform the Data Controller of the following information:

o the purposes of data management;

o categories of personal data processed about you;

o information about the recipients or categories of recipients to whom the personal data has been or will be disclosed by the Data Controller;

o the planned period of storage of personal data, or if this is not possible, the criteria for determining this period;

o your right to request from the Data Controller the correction, deletion or restriction of processing of your personal data and, in the case of data processing based on legitimate interests, to object to the processing of such personal data;

o the right to submit a complaint to the supervisory authority;

o if the data was not collected from you, all available information about its source;

o about the fact of automated decision-making (if such a procedure is used), including profiling, as well as, at least in these cases, comprehensible information about the logic used and the significance of such data management and the expected consequences for you.

 

The purpose of exercising the right may be aimed at establishing and checking the legality of data management, therefore, in case of multiple requests for information, the Data Controller may charge a fair fee in exchange for providing the information.

Access to personal data is ensured by the Data Controller by sending the processed personal data and information to you by email after your identification. If you have registered, we provide access so that you can view and check your personal data by logging into your user account.

Please indicate in your request that you are requesting access to personal data or information related to data management.

Upon your request, information must be sent to the provided contact information immediately, but within 30 days at most.

 

  1. Right to rectification

 

Any interested party may request the modification or addition of any of their data. Upon your request, action must be taken immediately, but within no more than 30 days, and information must be sent to the contact address provided.

  

  1. The right to erasure (forgetfulness).

 

Any interested party may request the deletion of their data if a) their personal data are no longer needed for the purpose for which they were managed by the Data Controller; b) the data subject withdraws the consent that forms the basis of the data management, and there is no other legal basis for the data management; c) the data subject objects to the data processing and there is no other legal reason for the data processing, d) the Data Controller processed his personal data illegally; e) your personal data must be deleted to fulfill the legal obligation applicable to the Data Controller; f) the collection of personal data took place in connection with the offering of information society-related services to children.

Upon request, this must be done immediately, but within 30 days at most, and information must be sent to the contact address provided.

 

  1. Right to blocking and restriction

You have the right to have the Data Controller restrict data processing at your request if one of the following is true:

  • You dispute the accuracy of the personal data, in which case the restriction applies to the period that allows the Data Controller to check the accuracy of the personal data, if the exact data can be determined immediately, the restriction will not apply;
  • the data management is illegal, but you oppose the deletion of the data for any reason (for example, because the data are important to you in order to enforce a legal claim), therefore you do not request the deletion of the data, but instead request the restriction of their use;
  • the Data Controller no longer needs the personal data for the purpose of the indicated data management, but you require them to submit, enforce or defend legal claims; obsession
  • You have objected to the data processing, but the legitimate interests of the Data Controller may also be the basis for the data processing, in this case until it is established whether the legitimate reasons of the Data Controller take precedence over your legitimate reasons, the data processing must be limited.

If data management is subject to restrictions, such personal data may only be processed with the consent of the data subject, with the exception of storage, or to submit, enforce or defend legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the Union or a member state.

The data controller will inform you in advance (at least 3 working days before the restriction is lifted) of the lifting of the restriction on data management.

The blocking lasts as long as the specified reason makes it necessary to store the data. Upon request, this must be done immediately, but within 30 days at most, and information must be sent to the contact address provided.

 

  1. The right to protest

Any person can object to data processing based on legitimate interest via the contact details provided. In this case, the Data Controller may no longer process the personal data, unless the Data Controller proves that the data processing is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or that are necessary for the presentation, enforcement or defense of legal claims are connected. The objection must be examined as soon as possible, but no later than 15 days after the submission of the application, a decision must be made regarding its validity and information about the decision must be sent to the contact address provided.

 

  1. The right to data portability:

The data subject may ask the Data Controller to receive the personal data provided by the data subject to the Data Controller in a segmented, widely used, machine-readable format, and is also entitled to forward this data to another data controller, if the data processing is based on the consent of the data subject or is based on a contract and the data is processed in an automated manner. When exercising the right to data portability, the data subject is entitled to - if this is technically feasible - request the direct transfer of personal data between data controllers.

The data controller fulfills the data subject's request within a maximum of 30 days and notifies the data subject of this in a letter sent to the contact address provided by the data subject.

 

  1. Automated decision-making

 

You have the right not to be subject to the scope of a decision based solely on automated data management (including profiling) that would have legal effects on you or would similarly significantly affect you. In these cases, the Data Controller is obliged to take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including at least the right of the data subject to request human intervention on the part of the data controller, to express his point of view and to submit objections to the decision.

The above does not apply if the decision:

  • Necessary to conclude or fulfill the contract between you and the data controller;
  • its execution is made possible by EU or member state law applicable to the data controller, which also establishes appropriate measures for the protection of your rights and freedoms, as well as your legitimate interests; obsession

based on your express consent.

 

  1. part

Legal enforcement options related to data management

 

  1. The data subject may contact the Data Controller with a complaint related to data management in accordance with Section II of this information. on any of the contact details indicated in if the Data Controller's procedure is not considered acceptable by the data subject, then directly to the National Data Protection and Freedom of Information Authority (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; phone: +36-1-391-1400; e-mail: ugyfelszolgalat@naih .hu; website: www.naih.hu).

As an official, the executive oversees the data management of the Data Controller with full authority and is entitled to take all necessary measures to promote data protection.

 

  1. In case of unlawful data processing, the data subject may initiate a civil lawsuit against the data controller. Adjudication of the lawsuit falls within the jurisdiction of the court. According to the choice of the person concerned, the lawsuit can also be initiated before the court of his place of residence (you can view the list and contact details of the courts via the following link: http://birosag.hu/torvenyszekek).

The court acts out of sequence in the case.

 

  1. The data controller shall inform the data subject without undue delay, but at the latest within one month of receipt of the request. If necessary, taking into account the complexity of the application and the number of applications, this deadline can be extended by another two months. The obligation to provide information can be ensured by operating a secure online system through which the data subject can easily and quickly access the necessary information.