Data Management Policy
The personal data provided by our customers and visitors on the website www.protectone.com (hereinafter: Webshop) is processed by ProtectOne Limited Liability Company (registered office: H-1021 Budapest, Völgy u. 5/A.; company registration number: 01-09-944010; tax number: 22797933-2-41; e-mail: info@protectone.com (hereinafter: Company).
Purpose and scope of the Policy
In adopting these data protection rules, the Company has considered, in particular, the following legislation:
The Fundamental Law of Hungary
Act V of 2013 on the Hungarian Civil Code (hereinafter referred to as the “Civil Code“);
Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (hereinafter referred to as “Info Tv.”);
Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive (EC) No 95/46/EC (hereinafter referred to as “GDPR”).
The Company shall process personal data at all times in accordance with the provisions of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: the “Info Act“) and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation – GDPR“).
The customer visiting the Webshop shall accept the provisions of this Privacy and Data Protection Policy. Only a customer who is of full legal capacity (a capable adult whose legal competency is not restricted or excluded) may purchase products or register a profile in the Webshop. The Company does not verify the personal data provided by the Customer. The Customer is responsible for the accuracy and timeliness of the personal data provided.
Definitions
Data processing: any operation or set of operations which are performed upon personal data or on sets of personal data, whether by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data Controller: the person who, alone or jointly with others, determines the purposes and means of the processing of personal data. The Company identified in this Policy is considered the controller for the purposes of this Policy.
Data Subject: any specific natural person identified or identifiable, directly or indirectly, on the basis of personal data.
Personal Data: any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors.
Data Processor: a natural or legal person, public authority, agency or any other body that processes personal data on behalf of the Service Provider as data controller.
Data Protection Authority: National Authority for Data Protection and Freedom of Information (1055 Budapest, Falk Miksa utca 9-11.)
I. Contact, Information
1. Our staff may request the contact details, e-mail address, postal address, telephone number of the customer (of the customer’s choice) in order to answer the customer’s question. In the event that the customer requesting information has yet not registered in the Webshop prior to the request, our Company will process the contact details (which may constitute personal data) provided by the customer until the question is answered (based on the voluntary consent of the data subject), at the latest six months after the request for information (in order to enable the customer to receive a written reply again, e.g. due to a technical error), and then delete them from the records. In the case of a contact or request for information, the purpose of the data processing is to contact the visitor or customer. Data processed: e-mail address, surname and first name. The legal basis of the data processing is the consent of the customer.
II. Purchase in the Webshop
Customers may purchase products in the Company’s Webshop only as a registered customer. With regard to the principle of data protection as referred to in the GDPR, the Company shall ask customers to provide only the appropriate and relevant personal data strictly necessary for the preparation and performance of the contract between the Company and the customer, such as for the purposes of distinguishing between customers, record keeping and for the fulfilment of the legal obligations of the Company. Without registering the necessary personal data, the customer cannot order a product and the contract cannot be concluded by and between the customer and the Company. The purpose of data processing is the purchase, ordering, issue of accounting documents, fulfilment of customer orders, documentation of purchase and payment, fulfilment of accounting obligations.
When making a purchase as a registered customer, the Company processes the following data provided by the customer (mandatory data):
– first name, last name, e-mail address, delivery address, telephone number, as well as details of purchases (purchases, date of order, product purchased, value of purchase, order number) and the IP address of the customer;
– Optional: the business name of the customer;
The Company shall process the data of the customers for the period necessary to fulfil the order and any warranty and guarantee claims, for a period of five years from the fulfilment of the contract. The legal basis for the processing is the performance of the contract or the fulfilment of the Company’s legal obligations.
The Company shall be entitled and obliged to transmit the lawfully processed personal data available to the competent authorities and courts in accordance with the provisions of GDPR, applicable law or a final and enforceable judicial decision. The Service Provider shall not be liable for any consequences arising from the mandatory transfer of data pursuant to this clause.
The Company does not transfer personal data to third countries or international organizations in the course of data processing.
When paying via credit card, the Customer is automatically redirected to the Bank’s payment page, so that the payment is not made on the Webshop page, but directly on the page operated by the Bank (the payment service provider), which operates in accordance with the rules and security standards of international bank card companies. Therefore, the Company does not have any access to the details, number or expiry date of the customer’s card or the corresponding account behind it. In relation to the payment of the customer, the Bank will only send the transaction ID of each payment to the Company in order to inform the Company of the success or failure of the payment.
III. Complaints, Warranty management
In relation to the products sold by the Company, the Customer may lodge a complaint in person, either by e-mail or by post, in accordance with the relevant clause of the GTC. In order to deal with consumer complaints as well as to examine the legitimacy of warranty claims and to fulfil the warranty claim, the Company processes the personal data (first and last name, e-mail address and postal address of the customer) that are indispensable for the handling of the complaint. The legal basis for the processing is the fulfilment of the legal obligations of the Company. The Company shall keep the data of customers with such complaints for the time necessary to resolve the complaint and to fulfil any warranty claims, up to five years in the case of a general complaint and up to one year in the case of a warranty claim.
IV. Profiling
The Company does not profile customers.
V. Cookies
1. Customers may disable the use of cookies in their browser program, however, if cookies are disabled, customers may not be able to fully use the features of the Webshop.
The Company uses the saved anonymous data of the Webshop only for statistical purposes, evaluating the number of visits to the Webshop. When visiting the Webshop, certain information may be collected, such as IP address, date and time of the visit to the Webshop, information about the Customer’s internet browser, operating system or the language that may have been chosen. In addition, further information may be processed about the browsing behavior of customer when visiting the Website, such as the pages visited, and the products viewed. However, in order to ensure maximum privacy protection, information relating to visits to our website is anonymous and cannot be attributed to a specific user, i.e. a specific person.
VI. Storage of personal data, Customers’ rights
The Company shall implement appropriate technical and organisational measures to ensure the highest possible level of data security in relation to the level of risk, taking into account the current state of science and technology and the cost of implementation as well as the nature, scope, context and purposes of the data processing, and the risk to the rights and freedoms of natural persons involved. The Company shall carry out data processing in such a way as to ensure the protection of the privacy of the customers. The Company protects personal data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction or damage and against inaccessibility resulting from changes in the technology method used, in particular by means of information technology solutions that are state of the art.
2. Customers may exercise the following rights set out in the GDPR and the Hungarian Information act by sending a written request to the Company’s contact details provided in this Policy:
Right of access to personal data: such information is free of charge but, in accordance with the provisions of GDPR, the Company will charge a fee based on the administrative costs for additional copies.
Right to rectification: The Company shall correct or complete the personal data without undue delay.
Right to erase data (right to be forgotten): the customer has the right to have his/her personal data erased by the Company at his/her request. If the personal data has been disclosed, the Company shall take all reasonable steps to inform the data controllers that the customer requests the deletion of the personal data concerned. The Company shall promptly delete the personal data of the customer without the customer’s request if:
the personal data processed are no longer necessary for the purposes for which they were collected and processed by the Company;
if the customer has withdrawn the consent on the basis of which the data were processed and there is no other legal basis for the processing;
where the customer objects to the processing and there is no overriding legitimate ground for the processing;
it is established that the Company has unlawfully processed the personal data;
the personal data must be deleted in order to comply with a legal obligation under applicable EU or Member State law;
the personal data were collected in connection with the provision of information society services to a child under the age of 16.
Right to restrict the data processing: if the customer considers that the personal data processed are inaccurate, he or she may request the restriction of processing until the actual accuracy or inaccuracy of the data is verified. If the processing is unlawful, but the customer does not want the Company to delete the data because it is in the customer’s interest for any reason, the customer may request that the Company restricts the processing rather than delete the personal data. If the purpose of the processing has ceased to exist but the customer does not want the Company to delete the personal data because of pursuing a claim, the customer may also request that the Company restrict the processing. In the event that the customer has objected to the processing, but the Company considers that the Company’s legitimate interests prevail, the restriction shall remain in place until the merits of the case are decided.
Right to portable data: the customer has the right to request the Company to transmit his/her personal data in electronic and structured form or, if technically possible, to request the Company to transmit the personal data to a third-party data controller.
Right to object: the customer may also object if the processing is based on a legitimate interest of the Company or a third party. In such cases, the data may only be processed further in exceptional cases (compelling legitimate grounds).
VII. Remedies
The Company shall inform the customer of the measures taken in relation to the request without undue delay, but within one month of receipt of the customer’s request at the latest. If necessary, considering the complexity of the request and the number of requests, this time limit may be extended by two months. The Company shall inform the customer of the extension, stating the reasons for the delay, within one month of receipt of the request. If the customer has submitted the request by electronic means, this information shall also be provided by electronic means, unless the customer has expressly requested written information by post. If the Company does not act on the basis of the customer’s request, the Company shall inform the customer without delay and within one month of receipt of the request at the latest, about the reasons for the failure to act in due time and to inform the customer that he or she may lodge a complaint with the supervisory authorities or seek judicial remedy.
The Company shall provide the requested information free of charge for the customer. If the customer’s request is unequivocally unfounded or excessive, e.g. because of its repetitive nature, the Company may charge a reasonable fee, taking into account the administrative costs of providing the information or for taking the action requested, or may refuse to take any action on the request. The Company shall provide a copy of the personal data subject to processing. The Company reserves the right to amend this policy unilaterally.
The customer may lodge a complaint with the National Authority for Data Protection and Freedom of Information in order to enforce his/her rights.
National Authority for Data Protection and Freedom of Information
Seat: 1055 Budapest, Falk Miksa utca 9-11.
Postal address: 1363 Budapest, PO Box 9.
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: dpo@naih.hu
Website: www.naih.hu
Nevertheless, we would be pleased if you would first check with our Company regarding a data protection issue.
In all cases, please contact us using the contact details below:
info@protectone.com