Privacy policy
STATEMENT
Regarding the creation of the data protection policy and falling within the scope of the data protection policy, Superz Perfume Kft (H-1055 Budapest, Kossuth Lajos ter 13-15 3/2A), hereinafter referred to as the Service Provider (data controller), creates the following data protection policy today and is simultaneously subject to it. Superz Perfume Kft. undertakes to ensure that all data processing in connection with its activities complies with this policy, the applicable national legislation and the requirements set out in the legal acts of the European Union, in particular those listed below Legislation:
- Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation) 27 April 2016):
- Act CVIII of the year — on certain aspects of electronic commerce services and information society services (in particular Article 13/A);
- Act C of 2003 on electronic communications (specifically Article 155);
- Act XC of the year XC on Electronic Freedom of Information;
- REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation) ;
- Act XLVII of the year — prohibiting unfair commercial practices against consumers;
- Act XLVIII of the year — on the basic conditions and certain limitations of economic advertising activities (in particular Article 6);
- Act CXII of 2003 — on the right of informational self-determination and freedom of information (hereinafter: Infotv.);
- Opinion 16/2011 on the EASA/IAB Recommendation on Best Practices for Behavioural Online Advertising;
- Recommendation of the National Authority for Data Protection and Freedom of Information on the data protection requirements of prior information;
- Act C of 2000 on Accounting, Article 169. § (2)
This privacy policy applies to webpage www.superz.com
The privacy policy is available at: https://superz.com/policies/privacy-policy
SUPERZ Web Kft. reserves the right to change this notice at any time. Any future amendments to the Rules will take effect upon publication at that address. SUPERZ Web Kft. is committed to protecting the personal data of its customers and partners, it considers respecting the right of information self-determination of its clients to be extremely important. It will treat personal data confidentially and take all security, technical and organisational measures to guarantee the security of the data.
Superz Perfume Kft. describes its data management practices below.
data and contact details of the controller:
Name: Superz Perfume Kft.
Registered address: H-1055 Budapest, Kossuth Lajos ter 13-15 3/2A
E-mail: info@superz.hu
Tax number: 27429211-2-41
Purpose of the Privacy Policy
The purpose of these Data Management Regulations is to define the scope of personal data processed by the Data Controller, the method of data processing, to ensure respect for the privacy of natural persons, data protection and data security requirements in accordance with applicable law, and to prevent access to the User's personal data. unauthorized access, alteration and unauthorized disclosure or use of the data.
The controller declares that its processing complies with the following principles
- Principlesof legality, fair trial and transparency: The processing of personal data must be carried out lawfully and fairly and in a transparent manner to the data subject
- Purpose binding principle:Personal data must be collected for specified, explicit and legitimate purposes and not processed in a way incompatible with those purposes; further processing for the purposes of archiving in the public interest, for scientific and historical research purposes or for statistical purposes shall not be considered incompatible with the original purpose in accordance with paragraph 1 of this Article;
- Data saving principle:Personal data must be appropriate and relevant for the purposes of processing and limited to what is necessary;
- Principle of accuracy:Personal data must be accurate and, where necessary, kept up to date; all reasonable measures shall be taken to ensure that personal data which are inaccurate for the purposes of data processing are erased or rectified without delay;
- Limited storage principle:Personal data must be stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for a longer period only if the processing of personal data is carried out in accordance with paragraph 1 for the purposes of archiving in the public interest, scientific and historical research or statistics, protection of the rights and freedoms of data subjects under this Regulation; subject to the implementation of appropriate technical and organizational measures
- Principles of integrity and confidentiality:The processing of personal data must be carried out in such a way as to ensure adequate security of the personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage, by means of appropriate technical or organizational measures;
- Principle of accountability:The controller shall be responsible for compliance with the above and be able to demonstrate such compliance.
Terms and Definitions
Personal data: any information relating to an identified or identifiable natural person (“data subject”); identifiable is a natural person who, directly or indirectly, in particular an identifier such as a name, number, location data, online identifier or a natural person be identified on the basis of one or more factors relating to his physical, physiological, genetic, mental, economic, cultural or social identity;
processing: any operation or set of operations carried out on personal data or files by automated or non-automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, transmission of communication, by dissemination or otherwise making available, coordination or interconnection, restriction, erasure or destruction;
“controller” means a natural or legal person, public authority, agency or any other body which independently or jointly determines the purposes and means of processing personal data; where the purposes and means of processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may be determined by Union or Member State law;
'processor' means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
“recipient” means the natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether or not a third party. Public authorities which have access to personal data in the context of an individual investigation in accordance with Union or Member State law shall not be considered as recipients; the processing of such data by those public authorities shall, in accordance with the purposes for which the data are processed, be subject to the applicable data protection rules;
"Consent of the data subject" means a voluntary, specific and well-informed and unambiguous statement of the will of the data subject to indicate his or her consent to the processing of personal data concerning him or her by means of a statement or unambiguous statement of consent;
personal data breach: a breach of security resulting in accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to personal data transmitted, stored or otherwise processed;
Data management,
The legal basis for data processing is based on the voluntary consent of SUPERZ Web Kft. [Article 6 (1) a) GDPR]. Data processing takes place on the basis of a voluntary, firm, appropriate informed, unmistakable consent statement of consent of the Data Subjects, which contains the express consent of the Data Subjects to process their personal data in the course of using the Website be placed (complete or covering individual operations).
Scope of users (visitor, registered user, subscriber): In particular, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation) Article 1 of Regulation (EU) 2016/679, (1) to (2), the visitor of the site www.superz.hu and the registered user of http://superz.hu shall be deemed to be the data subject. Superz Perfume Kft. (as: During the operation of www.superz.hu or www.superz.eu website, the www.superz.hu website handles the data of visitors, registrants and newsletter subscribers (as Data Subjects).
Data subjects, with respect to technical data , accept the provisions of this Privacy Policy as binding upon themselves by visiting http://superz.com and/or superz.eu for the purpose of obtaining information and/or entering the site. With respect to all other data, the Data Subjects accept this Privacy Policy with their consent during the registration process. In the latter case, the Data Subject, for all the data requested to provide, consent to the fact that Article 6 (1) (a) (a) of the General Data Protection Regulation (GDPR) and Article 7 of the General Data Protection Regulation (GDPR) provides that the Data Controller provides the personal data provided in GDPR, and in accordance with the terms and conditions of your own data processing notice, by withdrawing your consent in accordance with Art. 7 (3) GDPR at any time, even with one click.
The Data Subject is obliged to provide authentic, real data to the Data Controller (the data subject is obliged to reimburse the damages arising from the provision of false data). The Data Subject is solely responsible for the consequences arising from incorrect or incomplete data. The Data Controller does not verify the data and their authenticity.
Scope of processed data: name (first and last name), email address, country, county, city, postal code, street, house number, billing information, telephone number, address of the page visited and the IP address of the user's computer, and related to the user's operating system and browser data. During the visit to the website http://superz.com and / or superz.eu, the Service Provider records the visitor data in order to check the operation of the service, to provide personalized service and to prevent abuse, as well as to forward it to the service companies mediated by it. The legal basis of the data processing: the consent of the data subject and Section 13 / A (3) of the Eker Act.
Purpose of Data Management The purpose of data management related to the visit to the website and registration and ordering is to fulfill the order, provide quality content services based on content and IT aspects, display personalized content and provide customer relations and issue invoices in accordance with accounting rules.
The Data Subjects expressly agree that the data provided by them in the uploaded/sent registration will be handled by the Data Controller, within the limits given by applicable law, for the purposes set out herein. The data processing is also carried out by the Data Controller through its IT systems. or a hosting service provider who stores the data with regard to the service of storage (data processor). If the Data Subject exceeds the scope of personal data and provides special data (eg by e-mail), he / she expressly consents to its possible processing by accepting these data management regulations, but the Data Controller informs the Data Subject that he / she handles only the data requested by the Data Controller. He is concerned and considers the method of acceptance of this policy as written. The Controller declares that the data provided by the Data Subjects are handled for a purposeful purpose and does not use them for other unspecified purposes. However, at the request of an authority, in case of a legal obligation, the Data Controller is obliged to release the data to the requester (eg an authority), Stakeholders acknowledge this with the adoption of these data management regulations and hereby expressly consent to this, so the Data Controller does not need to request further consent from Stakeholders in this regard. In this regard, the Data Subjects cannot apply to the Data Controller with claims. The Data Controller is not responsible for the data provided. In all cases where the Data Controller wishes to process the provided data for a purpose other than the purpose of the original data collection, it shall inform the Data Subject thereof and obtain its prior express consent, or provide him or her with an opportunity to prohibit its use. Data processing is carried out exclusively in Hungary and Canada.
Contributor Statement of the Data Subject
(I.) the visitor of http://superz.com ith regard to technical data automatically by going to the site;
(II) the registered user of http://superz.com with respect to the technical and other data provided by consent - by finalizing the registration,
contributes
to process your data in accordance with this Policy. In the case of processing of the data subject under this Policy, the Data Controller does not enforce damages, compensation, damages fees and other claims against the Data Controller.
Data management
Data management related to the operation of the webshop
|
Personal data |
The purpose of data processing |
|
Password |
Secure access to the user account |
|
Full name (surname and surname) |
It is necessary to contact, make purchases and issue a regular invoice. |
|
E-mail address (E-mail address) |
Relationship with the customer. |
|
Phone number |
Relationship with the customer. Improved coordination of billing or shipping issues. |
|
Billing name and address |
Issue the proper invoice and the establishment of the contract, determine its content, amend, monitor its performance, invoice the fees arising therefrom and enforcement of claims relating thereto. |
|
Shipping name and address |
Enable delivery/door-to-door delivery. |
|
Date of purchase/registration |
Performing a technical operation. |
|
IP address of the purchase/registration period |
Performing a technical operation. |
Technical data
Data generated during the use of the service which is recorded by the IT system of the Controller as a result of IT processes. In particular, but not limited to such data is the date of visit, the IP address of the Data Subject, the type of browser, the address of the previously visited website. (An IP address is a series of numbers that can be clearly identified by the computers of users who go to the Internet. With the help of IP addresses, you can even geographically locate a visitor using a particular computer. The addresses of the pages visited, as well as the date and time data alone are not capable of identifying the data subject, but in combination with other data (e.g. provided during registration), they can be used to draw conclusions about the user.) The data recorded automatically shall be logged automatically at the time of entry or exit without a separate statement or action of the Data Subject. Data files processed electronically in different registers are not linked or assigned directly to data subjects unless permitted by law. Only the Data Controller has access to the data (the hosting service provider stores the data). The data of the Registrant Data Subject are listed in a register with his own technical data in order to achieve the purpose of data processing. The Data Subject expressly agrees to this by registering the Website and accepting this policy.
|
Personal data |
The purpose of data processing |
|
IP address |
Data used to improve the quality of service. |
|
Details of the subpages visited when browsing on http://superz.com |
Data used to improve the quality of service. |
|
Time spent browsing http://superz.com |
Data used to improve the quality of service. |
|
Browser type |
Data used to improve the quality of service. |
|
Type of operating system |
Data used to improve the quality of service. |
In the case of an email address, it is not necessary to contain personal data.
Scope of data subjects The webshop website registred/purchasers are all concerned.
Duration of data processing, deadline for deletion of data Cancellation of registration immediately. The data controller shall inform the data subject electronically on the basis of Article 19 of the GDPR of the erasure of any personal data provided by the data subject. If the data subject's request for deletion extends to the e-mail address provided by the data subject, the data controller shall also delete the e-mail address after the notification. Except in the case of accounting documents, since according to Paragraph 169 (2) of Act C of 2000 on Accounting, these data must be retained for 8 years.
Accounting documents (including ledger accounts, analytical and detailing records), directly and indirectly supporting the accounting accounts, shall be kept in legible form for at least 8 years, in a manner retrievable on the basis of the reference of the accounting records.
Possible data controllers who have access to the data, the recipients of the personal data: Personal data may be handled by the sales and marketing staff of the controller, respecting the above principles. Description of the rights of data subjects in relation to data processing:
- The data subject may request from the controller access to, rectification, erasure or restriction of processing of personal data relating to him, and
- object to the processing of such personal data, and
- the data subject has the right to data portability and to withdraw consent at any time.
The data subject can initiate access to, erasure, alter or restriction of processing of personal data, portability of data, objection to data processing in the following ways:
- by post to H-1055 Budapest, Kossuth Lajos ter 13-15 3/2A
- by e-mail at info@superz.hu ,
Legal basis for data processing: Art. 6 (1) (b) GDPR, Infotv. Article 5 (1); Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (hereinafter: Eker tv.) Paragraph 13/A (3):
The service provider may process personal data which are technically essential for the provision of the service for the purpose of providing the service. If the other conditions are the same, the service provider must choose and in all cases operate the means used in the provision of the information society service in such a way that the processing of personal data takes place only if it is necessary for the provision of the service and other purposes specified in this Act. necessary, but in this case only to the extent and for the time necessary.
In the case of issuing an invoice in accordance with accounting legislation, Article 6 (1) (c).
Please note that data processing is necessary for the performance of a contract and to provide an offer. The personal is obliged to provide your order in order to fulfill your order. Failure to provide data is the consequences of not being able to process your order.
Manage cookies
The cookie is a packet of alphanumeric information with variable content sent by the web server, which is recorded on the user's computer and stored for a predetermined period of validity. The use of cookies allows you to retrieve certain data of the visitor and track your Internet usage.
Cookies can therefore be used to accurately determine the interests of the user concerned, the usage of the Internet and the history of visiting the website. Since cookies act as a kind of tag that allows the website to recognize the visitor returning to the site, their application can also store the user name and password valid on that page.
If during the visit of the website the user's browser sends the cookie previously saved to the hard disk, the provider sending it may link the current visit to the previous ones, however, since the cookies are linked to the domain, it can do so only with regard to its own content. Cookies are not capable of identifying the user by themselves, they are only capable of recognizing the visitor's computer.
Based on their period of validity and origin, we can distinguish several types of cookies:
“password protected session cookie”
“security cookies”
“Necessary cookies”
“Functional cookies”
“cookies responsible for managing website statistics”
The fact of data processing, the scope of the processed data: Unique identification number, dates, dates
Scope of data subjects: All data subjects visiting the website.
The purpose of data processing: Identify users and track visitors.
Duration of data processing, deadline for deletion of data
|
Cookie type |
Legal basis of data processing |
Data Management duration |
Managed Data Scope |
|
Session Cookies (session)
|
Section 13 / A (3) of Act CVIII of 2001 on Certain Issues in Electronic Commerce Services and Information Society Services (Elkertv) |
The relevant visitor session closure
|
https://superz.hu/policies/privacy-policy] |
|
Persistent or saved cookies
|
Section 13 / A (3) of Act CVIII of 2001 on Certain Issues in Electronic Commerce Services and Information Society Services (Elkertv) |
until the data subject is deleted |
https://superz.hu/policies/privacy-policy] |
|
Cookie type |
Legal basis of data processing |
DATA MANAGEMENT duration: |
Managed Data Scope |
For other cookies, the service life is 480 hours.
Description of the rights of data subjects in relation to data processing: The data subject may delete cookies from the Tools/Settings menu of their browsers, usually under the Privacy menu.
Legal basis of data processing: The consent of the data subject shall not be required if the sole purpose of the use of cookies is the transmission of communications over an electronic communications network or the provision of an information society service specifically requested by the subscriber or user.
Data management of external service providers:
Processors used
- Delivery
Activity carried out by a data processor: Delivery of products, transportation
Name and contact details of the data processor:
Gyujtoszallitas.hu Kft
H-1097 Budapest, Ecseri ut 14-16
Phone number: 061 998 8056
Email: info@gyujtoszallitas.hu
FedEx Express Hungary Transportation Kft
1185 Budapest, II. Logisztikai központ - Irodaépület, BUD Nemzetközi Repülőtér 283. ép.
Phone number: 06 29 555 500
Email: hungary@fedex.com
DHL Express Magyarország Szállítmányozó és Szolgáltató Kft.
1185 Budapest, BUD Nemzetközi Repülőtér repülőtér 302. ép.
Phone number: 061 245 45 45
Email: hu_esupport@dhl.com
Data management information: [https://superz.com/policies/privacy-policy]
https://superz.com/policies/privacy-policy]
The fact of data processing, the scope of the processed data: Shipping name, shipping address, phone number, email address.
Scope of data subjects: All parties requesting home delivery.
The purpose of data processing: Delivery of the ordered product to the house.
Duration of data processing, deadline for deletion of data: It lasts until delivery is completed.
Legal basis for data processing: User's consent, Article 6 (1) (a), Infotv. Paragraph 5 (1)
Hosting Provider
Activity carried out by a data processor: Hosting Service
Name and contact details of the data processor:
Shopify inc.
Headquarters and mailing address 50 Elgin Str. 8th floor Ottawa, Ontario K281L4 Canada.
Email: (support@shopify.com)
The fact of data processing, the scope of the processed data: All personal data provided by the data subject.
Scope of data subjects: All data subjects using this website.
The purpose of data processing: Make the website available and operate properly.
Duration of data processing, deadline for deletion of data: The data processing lasts until the termination of the agreement between the data controller and the storage provider or the data subject's request for cancellation to the storage provider.
The legal basis for data processing is Article 6 (1) (f) of the GDPR and Section 13 / A (3) of Act CVIII of 2001 on Certain Issues in Electronic Commerce Services and Information Society Services.
Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses so-called "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie associated with a website used by a User is typically stored and stored on a Google server in the United States. By activating IP anonymisation on the Website, Google will shorten the User's IP address within the European Union or in other states party to the Agreement on the European Economic Area. The entire IP address is forwarded and shortened to a Google server in the USA only in exceptional cases. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Within the framework of Google Analytics, the IP address transmitted by the User's browser is not combined with other data from Google. The User may prevent the storage of cookies by adjusting the appropriate settings of his browser, but please note that in this case, not all functions of this website may be fully used. You may also prevent Google from collecting and processing cookie data related to the use of the Website (including your IP address) by downloading and installing the browser plugin available at the following link. https://tools.google.com/dlpage/gaoptout?hl=hu
Data management related to complaint handling
The fact of data collection, the scope of the data processed and the purpose of the processing:
|
Personal data |
The purpose of data processing |
|
First and last name |
Identification, contact. |
|
E-mail address |
Contact keeping. |
|
Phone number |
Contact keeping. |
Scope of data subjects: Subjecting users complaining.
Duration of data processing, deadline for deletion of data: Copies of the protocol, transcript and response to the objection raised shall be kept for a period of 5 years pursuant to Section 17/A (7) of Act CLV of 1997 on Consumer Protection.
Possible data controllers who have access to the data, the recipients of the personal data: Personal data may be handled by the sales and marketing staff of the controller, respecting the above principles.
Description of the rights of data subjects in relation to data processing:
- The data subject may request from the controller access to, rectification, erasure or restriction of processing of personal data relating to him, and
- object to the processing of such personal data, and
- the data subject has the right to data portability and to withdraw consent at any time.
The data subject can initiate access to, erasure, alter or restriction of processing of personal data and portability of data in the following ways:
- by post SUPERZ Web Kft. H-1076 Budapest, Garay utca 45. 1. em 120. ajtó
- by e-mail at info@superz.hu ,
Legal basis for data processing: consent of the data subject, Article 6 (1) (c), Section 5 (1) of the Infotv and Section 17 / A (7) of the Consumer Protection Act 1997 CLV.
Please note that
- provision of personal data on a contractual obligation
- the processing of personal data is a prerequisite for concluding the contract.
- you are obliged to provide personal data so that we can handle your complaint.
- failure to provide data has the consequences of not being able to deal with your complaint received by us.
Social networking sites
The fact of data collection, scope of data processed: The name registered on Facebook, Instagram, You Tube social networks and the user's public profile picture.
Scope of data subjects: All those involved who have registered on Facebook, Instagram, You Tube social media sites and “liked” the website.
Purpose of data collection Share or “like” or promote on social media sites, certain content elements, products, promotions or the website itself.
Duration of data processing, deadline for deletion of data, the person of potential controllers who have access to the data and the rights of data subjects relating to data processing: The data subject can find information on the source of data, their handling and the method of transmission and legal basis on the relevant social networking site. Data processing is carried out on social networking sites, so the duration, method of data processing and the possibilities of deletion and modification of data are governed by the regulation of the relevant social networking site!
Legal basis for data processing: voluntary consent of the data subject to the processing of his personal data on social networks.
Customer Relations and Other Data Processing
Should the data subject have any questions or problems during the use of our data management services, he / she may contact the data controller in the ways provided on the website (telephone, e-mail, social networking sites, etc.). Data controller for incoming emails, messages, phone, Facebook, etc. will delete the data provided together with the name and e-mail address of the interested party and any other personal data voluntarily provided after a maximum of 2 years from the date of disclosure.
Data processing not listed in this prospectus will be informed when recording the data.
Upon exceptional official request, or in case of requesting other bodies based on the authorization of legal regulations, the Service Provider is obliged to provide information, disclose data, or make documents available.
In these cases, the Service Provider issues personal data to the applicant, if the exact purpose and the scope of the data is indicated, only to the extent that is essential for the achievement of the purpose of the request.
Rights of data subjects
Right of access
You have the right to receive feedback from the data controller as to whether the processing of your personal data is in progress and, if such processing is in progress, you have the right to access the personal data and information listed in the Regulation.
Right to rectification
inaccurate personal data. Taking into account the purpose of the data processing, you have the right to request that the incomplete personal data be supplemented, inter alia, by means of an additional statement.
Right of cancellation
You have the right to delete personal data about you without undue delay at your request, and the data controller is obliged to delete personal data about you without undue delay under certain conditions.
Right to forgetfulness
If the controller has disclosed personal data and is obliged to delete it, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers that you have requested the personal data in question, deleting links or copies or duplicates of such personal data.
Right to restrict data processing
You have the right to restrict data processing at your request by the controller if one of the following conditions is met:
- You contest the accuracy of the personal data, in which case the limitation applies to the period which allows the controller to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the deletion of the data and instead request the restriction of their use;
- the controller no longer needs the personal data for the purposes of data processing, but you require them for the establishment, exercise or defence of legal claims;
- You have objected to the processing; in this case the restriction applies to the period until it is established whether the legitimate grounds of the controller prevail over your legitimate reasons.
The right to data portability
You have the right to receive personal data relating to him, which he has made available to a controller in a structured, widely used, machine-readable format and have the right to transfer such data to another controller without hindering the data controller to which the personal data has been made available.
Right to protest
In the case of processing based on legitimate interest or public authority as legal bases, you have the right to object to the processing of your personal data at any time, including profiling based on those provisions, for reasons relating to your own situation.
Protest in the evening of direct marketing
If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data relating to it for that purpose, including profiling, in so far as it relates to direct marketing. If you object to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for that purpose.
Automated decision-making in individual cases, including profiling:
You have the right not to be covered by a decision based solely on automated processing, including profiling, which would have legal effects on him or similarly significantly affect him.
The preceding paragraph shall not apply where the decision:
- necessary for the conclusion or performance of a contract between you and the controller;
- is made possible by Union or Member State law applicable to the controller which also lays down appropriate measures to protect your rights and freedoms and legitimate interests; or
- It is based on your explicit consent.
Deadline for action
The controller shall inform you without undue delay, but in any case within 1 month of receipt of the request, of the action taken on the above requests.
If necessary, it can be extended by 2 months. The controller shall inform you of the extension of the deadline, indicating the reasons for the delay within 1 month of receipt of the request.
If the controller does not take action on your request, it will inform you without delay, but no later than one month after receipt of the request, of the reasons for the non-action and of the fact that you can lodge a complaint with a supervisory authority and have recourse to the courts.
Security of data management
The controller and the processor shall take appropriate technical and organizational measures to take into account the state of the art and the costs of implementation and the nature, scope, circumstances and purposes of the processing and the varying probability and severity of the risk to the rights and freedoms of natural persons to ensure a level of data security commensurate with the degree of risk, including, where appropriate:
- pseudonymization and encryption of personal data;
- ensuring the continuing confidentiality, integrity, availability and resilience of systems and services used to process personal data;
- in the event of a physical or technical incident, the ability to restore access to and availability of personal data in a timely manner;
- a procedure for systematic testing, assessing and evaluating the effectiveness of the technical and organisational measures taken to guarantee the security of processing.
Information to the data subject of a personal data breach
Where the personal data breach is likely to entail a high risk to the rights and freedoms of natural persons, the controller shall inform the data subject of the personal data breach without undue delay.
The information provided to the data subject shall clearly and intelligibly explain the nature of the data protection incident and the name and contact details of the data protection officer or other contact person for further information; the likely consequences of the data protection incident must be described; a description of the measures taken or planned by the controller to remedy the data protection incident, including, where appropriate, measures to mitigate any adverse consequences arising from the data protection incident.
The data subject shall not be informed if any of the following conditions are met:
- the Controller has implemented appropriate technical and organisational protection measures and these measures have been applied to the data affected by the personal data breach, in particular those measures, such as the use of encryption, which are intended to address the make the data unintelligible to persons who are not authorised to access it;
- following the data protection breach, the controller has taken further measures to ensure that a high risk to the rights and freedoms of the data subject is no longer likely to occur;
- the information would require a disproportionate effort. In such cases, data subjects shall be informed by means of publicly disclosed information or similar measures shall be taken to ensure that data subjects are equally effectively informed.
If the controller has not yet notified the data subject of a data breach, the supervisory authority may, after considering whether the personal data breach is likely to involve a high risk, order the data subject to information.
Reporting a Data Incident to the Authority
The data protection incident shall be reported by the controller to the competent supervisory authority in accordance with Article 55 without undue delay and, if possible, no later than 72 hours after becoming aware of the data protection incident, unless the data protection incident is not likely to jeopardize the rights of individuals and freedoms. If the notification is not made within 72 hours, it shall be accompanied by reasons justifying the delay.
Complaint option
Complaints against a possible infringement of the data controller may be lodged with the National Authority for Data Protection and Freedom of Information:
National Data Protection and Freedom of Information Authority
H-1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Correspondence address: H-1530 Budapest, Mailbox: 5.
Telephone: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
23.07.2022
Superz Perfume Kft.