Privacy Policy

(Download/printing of material HERE.)

    

 

  1. Data manager and identification of present webpage

 

1.1 We inform you that this website is run by

 

NutriMed Étrendkiegészítõ Korlátolt Felelõsségû Társaság

(NutriMed Étrendkiegészítõ Ltd.)

Short name: NutriMed Étrendkiegészítõ Kft.

Corporate registration number: 09-09-029212 – Court of Justice Debrecen

Tax number: 26163341-2-09

Headquarters: Hungary, 4026 Debrecen, Simonffy u. 4-6., 1. em. 123. (1rd floor 123.)

Postal address: Hungary, 4220 Hajdúböszörmény, Hadházi u. 5.

Website: https://www.vitamed.life/index.php/en/

E-mail: info@vitamed.life

 

(Data Manager hereafter).

 

1.2 Present webpage, and other websites and sub-sites that can be reached through it have this website address:

 

https://www.vitamed.life/index.php/en/

 

 

  1. Hungarian legal requirements, scope of present privacy policy

 

2.1              Service of website identified by address above (website hereafter), run by certain Data Manager (Data Manager hereafter), is directed at Hungary and is provided from Hungary. In accordance with this, Hungarian and European law applies to service, Users using service (also including data management). Data Manager uses information about Users mostly based on these regulations:

–       EUROPEAN PARLIAMENT AND COMMISSION (EU) Regulation 2016/679 (27 April 2016) about protecting natural people and protection of personal data, free flow of such data, and about countermanding of the directive 95/46/EK (general data protection regulation); (The EU General Data Protection Regulation), (GDPR hereafter).

–       Regulation CVIII from 2001 about electronic commercial services and services related to some aspects of information society – (“2001. évi CVIII. törvény az elektronikus kereskedelmi szolgáltatások, valamint az információs társadalommal összefüggõ szolgáltatások egyeskérdéseirõl”),

–       Regulation CXIX from 1995 about research and handling information of names and addresses for direct marketing purposes – (“1995.évi CXIX. törvény a kutatás és a közvetlen üzletszerzés célját szolgáló név- és lakcímadatok kezelésérõl”),

–       and Regulation XLVIII from 2008 about the basic conditions and some limits of economic advertising activities – (“2008. évi XLVIII. törvény a gazdasági reklámtevékenység alapvetõ feltételeirõl és egyes korlátairól”).

 

2.2              Present policy applies to the use of website and data management done during the use of electronic services.

 

2.3              Based on present policy, User sare: natural people regardless of which service of website they are using, and those natural people who simply browse the website but do not draw on any services.

 

 

  1. Legal bases of data management

3.1       Legal basis to data management done by Data Manager lies upon GDPR Article 6, Paragraph (1), Point a) about consent of User to data management, and Article 6, Paragraph 1, Point b) of GDPR, which states that data management is necessary for fulfilment of contracts in which User is one of the  parties.

3.2       In case of data management based on given consent, User previously agrees to data management by marking an indicator box above data management agreement placed at relevant places. User may read about data management anytime under “Privacy Policy” appearing at every page of website, or by clicking on “Privacy Policy” link in data management agreement mentioned in this point, through which Data Manager provides User in advance with obvious and detailed information. By marking the indicator box above data management agreement, User declares that they have read Privacy Policy and consents to handling their data in accordance with present policy knowing its content.

 

  1. Data management without further consent, and after withdrawal of consent

4.1       Data Manager can handle recorded information aboutUser with their previous consent, and needs no further consent.After withdrawal of consent based on Article 6, Paragraph 1 of GDPR, data are handled the following way.

4.2       If personal data was recorded with User’s consent, Data Manager can handle recorded data further on, if disharmonic legal regulations do not exist, without the further explicit consent of User, and Data Manager can handle information after withdrawal of consent, too, if:

–    data management is necessary to fulfill legal requirements of data manager;

–    data management is necessary to protect essential interests of a concerned or another natural person;

–    data management is necessary to provide rightful interests of data manager or any third party, except when interests or essential rights and freedoms of concerned people have priority over these interests that require the protection of personal data, especially if the concerned party is a child.

4.3 Data Manager does a so-called interest-scaling test on an obligatory basis before managing data with reference to rightful interests. This interest-scaling test is a three-step process in which Data Manager identifies its rightful interest, and concerned User’s interest being their weighting counterpoint and their basic right to planned data management. Finally, based on the process of weighting, Data Manager declares if its rightful interest is in proportion with User’s interest, consequently, personal data can be handled based on GDPR Article 6, Paragraph (1) Point f).

4.4 Data Manager informs concerned User about the results of interest scaling test in a way that User will clearly realize why managing User’s personal data by Data Manager without User’s consent can be a reasonable limitation.

4.5 Data Manager follows the guidelines of Opinion 6/2014 issued by the Data Protection Group of the European Commission. The Opinion can be read at the following link: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp217_hu.pdf#h2-2

 

  1. Further possible legal bases of data management – independent of User’s consent

5.1 Further legal basis of data management in referential cases is data management necessary for fulfilling legal requirements based on GDPR Article 6 Paragraph (1) Point c). Data Manager may need to do obligatory data management in some cases, prescribed by law or other measure. In addition, Data Manager has to act according to requests from authorities that might also involve handling and forwarding personal information. This is Data Manager’s obligation by law, too.

5.2 We inform you furthermore, according to GDPR Article 6,Paragraph (1), Point d) and f) that Data Manager may handle User’s personal information in cases when managing data is necessary to protect essential interests of another natural person, and data management is necessary to put across rightful interests of Data Manager or a third party – except for cases when this interest is in conflict with concerned User’s such interests or basic rights and freedoms that require protection of personal information, especially if User is a child.

Data Manager always does – with a compulsory aspect – a so-called interest-scaling test with reference to above mentioned rightful interest before starting to handle data, according to points 4.3-4.5 of present policy.

5.3 Data Manager informs User based on Law of 2001 CVIII, § 13/A about some questions of electronic trading services and services related to information society.

Data Manager’s service based on this law is considered to be electric trading service related to information society.

Data Manager may handle identifying information and address of User in order to create a contract, determine its content, modify it and to monitor its accomplishment, make out invoices of fees about related costs, and to realize claims.

Data Manager may handle User’s natural identifying data, address and information about using service, its period and location in order to be able to make out invoices laid down in contract about offering Data Manager’s service.

Data Manager may handle personal information that is technically essential for providing service. Data Manager chooses and runs devices used during offeringservice so that personal data is only handled when it is absolutely necessary to provide such a service and to fulfil legal requirements. However, in similar cases, it does only to a necessary level and time. (Further rules of technically necessary data management is laid down in the document “Information about using cookies” and in chapter 6 of present policy.

Data Manager may handle personal information – unlike any cases described above, especially to improve the efficiency of its service, electronic advertisements or forwarding any other content to User to do market research – in relation to service based on User’s previous consent.

 

  1. Data management related to operation of information technology service

6.1 Concerned parties in data management: All Users visiting website, regardless of whether they use services offered at website.

6.2 Legal basis of data management: Law of 2001 CVIII, § 13/A authorizes Data Manager to handle information technically absolutely necessary to provide service. Consequently, it is the rightful interest of Data Manager to do so, based on GDPR Article 6, Paragraph (1), Point f). Relying on this legal basis, Data Manager handles exclusively those types of data that are necessary to ensure a user-friendly operation of website, and works with them only until it is needed. These pieces of information are such technical data which are essential to provide an enjoyable appearance of website, proper and comfortable use of its functions. Data are not forwarded to third party and are not used for any other purposes. Data Manager works with service provider(s) indicated in Chapter 18 under “Information technology data management”. As a result, data management does not have any risks on User’s side, however, using the website properly is not possible without handling data. It is the rightful interest of Data Manager to operate website properly, as it can only provide its service this way, it is an inevitable condition for its functioning. Consequently, Data Manager handles information mentioned above in order to fulfil this goal as its rightful interest, and based on which rightful interest – because data management is not high risk for User – Data Manager limits User’s autonomy to a proportional extent.

User’s consent is the legal basis of data management for analysis of visits and marketing activities based on Article 6, Paragraph (1), Point a) of GDPR. User may consent to data collection for analytical and marketing purposes when starting to browse website by marking anindicator box in the pop-up window.

6.3 Determining the scope of data handled: Information technological data management affects data related to operate “cookies” used for the functioning of website and data necessary for using diary files applied by operator of website.

In order to ensure user-friendly browsing, data that need to be handled:

– websites visited during entering website and the order of their opening

– User’s IP address.

Data handled to measure popularity of website:

– websites visited during entering website and the order of their opening

– frequency of opening certain websites on webpage

– which other website has User come from to present website (only in case of websites that have a link to present website)

– determining User’s geographical position (based on internet service company, only approximate data about device used for browsing)

– time when browsing was started

– time when browsing was finished

– period until website was surfed.

Data handled to check entry rights when entering website:

– user name and password (can be stored based on User’s consent)

– User’s e-mail address

– IP address of User’s device.

6.4 Aim of data management: “Cookies” and diary files are necessary to provide a user-friendly and safe operation of website, also to collect information about use of website.

This includes the following:

– Identification of User’s browser device, and remembering identifying data through browsing time based on IP address. Surfing the internet becomes smoother, as without this function, User needs to identify themselvesat each website they visit.

Analysing visits of website

– Measuring the popularity and frequency of visits at webpages of website and the time spent on webpages in order to shape website to the needs of Users.

– Identifying place of User’s device used for browsing, mapping the demand for Data Manager’s service.

– Identifying website from which User has arrived, in order to provide information about services of other websites that have links to present one, and to be able to offer information about topics of User’s interest.

To measure such data Data Manager’s information technology system uses devices of GoogleAnalytics (Google Inc.). In cases of such websites, Google cookies remember users’ preferences and information, which also means discovering data about visitor numbers at a website and browsing habits.

Data mentioned above can also be accessed by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), owner and operator of Google Analytics devices. Google Inc. uses these data to make analysis as well as forward aimed advertisements to users. Google Inc. links data and IP address of device used for browsing, and based on browsing habits on that device, aims certain advertisements precisely. Google Inc. does not have access to any other information apart from the above mentioned data.

Service of Facebook Inc. provides cookies to make it easier to share and like Data Manager’s Facebook site (Facebook button, FacebookSharing button, Facebook Like button), so these data can be accessed by Facebook Inc. (1601 WillowRoad, Menlo Park, CA 94025, USA).

Consequently, Facebook Inc. has access to data mentioned above in order to measure visitor numbers and to map browsing habits. Beyond doing such analyses, Facebook Inc. uses data to forward specific advertisements. Facebook Inc. links data and IP address of device used for browsing, and based on browsing habits on that device, aims certain advertisements precisely. Facebook Inc. does not have access to any other information apart from the data mentioned in this point.

Service provider uses services of the above mentioned service providers in order to forward advertisements to User’s browser device when visiting its own website.

Service provider uses services of above mentioned service providers to forward advertisements about its own services to User’s device used for browsing after visiting Service Provider’s website.

Data assigned to these goals are recorded in a way that Users can be identified, however, they are only accessible by Data Manager:

–            incidental storage of username and password for an easier entry (according to User’s decision)

–            check of User’s entry entitlement (username, e-mail address, password).

6.5 Period of data management: Data Manager handles a part of data for the period of browsing, other data is stored for a variable time, but maximum 2 years.

Data necessary for operation of website in a user-friendly way (IP address, order of webpages visited during browsing) are recorded for the duration of browsing session, they are deleted when browsing finishes. Handling of these data is done by own devices of Data Manager, third party does not gain access to them, except for information technology data processing (see chapter below: “Requisition of Data Processor”).

Data necessary for checking entry and usage entitlements are stored for the duration of browsing session, when it finishes, they are deleted. Handling of these data is done by own devices of Data Manager, third party does not gain access to them, except for information technology data processing (see chapter below: “Requisition ofData Processor”).

Username and password may be stored permanently based on User’s decision by cookies being stored on User’s device. User might delete them, thus control data storage period.

To measure number of visitors and to map browsing habits, Data Manager’s information technology system uses devices of Google Analytics. Only those cookies get stored on User’s device that had been enabled to collect data by Google Analytics. These data are stored permanently, up to 2 years the most with the use of cookies, which are stored on User’s device used for browsing. User can erase these cookies or block them any time in the settings of your browser, or in settings of cookies at website.

Data being the bases of measuring number of visitors and mapping browsing habits are stored permanently on devices of Facebook Inc., but through cookies valid for maximum 2 years. User can delete or block such cookies anytime in the settings of their browser, or in settings of cookies at website.

6.6 Storage of data: on separate lists in Data Manager’s information technology system. Data related to providing a user-friendly service (IP-address, the order of sites visited during browsing session) are not stored. Cookies providing information are stored on User’s device. Diary cookies used by webpage service provider are stored on service provider’s server.

6.7 User may get more information about information technology data management also done by Google Analytics and Facebook Inc. from the pop-up window appearing at the entry of website, and at the website by clicking on “Information about using cookies”, just like from https://www.google.com/intl/hu_ALL/analytics/support and https://developers.facebook.com/products. Data Manager uses only services mentioned above from the ones offered by Google Analytics and Facebook Inc.

 

  1. Data Management in case of receiving and answering messages

7.1 Concerned parties: Users sending messages to Data Manager to indicated e-mail address(es).

7.2 Legal basis for data management: User’s consent according to GDPR Article 6, Paragraph (1), Point a). User consents to handling their data by sending an e-mail voluntarily. User consents to handling their personal data and information included in the message by sending an e-mail voluntarily.

7.3 Determining the scope of data handled:

Scope of data:

–       surname

–       first name

–       e-mail address

–       telephone number.

 

Data Manager handles information concerning received e-mails from User only contentwise, and does not require User to give personal data within. When such non-required information is provided though, they are not stored and Data Manager deletes them immediately from the information technology system.

7.4 Goal of data management: to ensure exchange of messages between Data Manager and User, by the latter providing above mentioned data voluntarily in order to draw on services of website related to exchange of messages.

Services involved:

–  receiving an e-mail message (by using e-mail address(es) at website),

–  replying to messages sent to Data Manager the above mentioned ways in 2 working days,

–  in case of User’s more complex request, telephone conversation to answer questions.

7.5 Duration of data management: Data Manager handles information until goal is fulfilled, i.e. answering a request or accomplishing a claim. Afterwards, Data Manager deletes data handled for these purposes. If there are more exchanges of messages, data are erased at the end of the process.

7.6 Method of data storage: on separate data managing lists in the information technology system of Data Manager until the end of information exchange.

 

  1. Data managemet related to sending newsletters

8.1 Concerned with data managent is: User who signs up for newsletters at website by providing personal data to fill in a form. Furthermore, a User who contracts with Data Manager with or without written contract and consents to receiving newsletters in a written form.

8.2 Legal basis of data management: User’s consent based on GDPR Article 6, Paragraph (1), Point a) and User’s consent based on law regulating economic advertising activities § 6, Paragraph (1) and (2). User gives voluntary consent by reading this Privacy Policy and filling in the form about receiving newsletters, clicking on the consenting agreement box there, or giving their consent in a paper-based contract to receiving newsletters and signing the contract or a separate declaration. Either way, User consents to handling their personal data described in a contract/declaration and to receiving newsletters.

Newsletters provide useful information to users, as well as aim at direct sales. User may sign up for this service irrespectively of drawing on other services, and is voluntary. It is based on User’s decision after being informed. In case User does not take the newsletter service, they do not encounter any drawbacks when using website or any other services, it is not a condition to use any other services at website.

8.3 Scope of data:

–       surname

–       first name

–       e-mail address.

8.4 Goal of data management: sending newsletters to User by Data Manager in e-mails about Data Manager’s service, information about the latest products/services and actualities, offers and advertisements.

8.5 Duration of data management: Data Manager handles information until User’s cancellation of consent (User unsubscribes), or until deleting data based on User’s request.

8.6 Method of data storage: on separate data managing lists in the information technology system of Data Manager, or by lacing papers User gives to Data Manager including personal information.

 

  1. Data management related to making direct sales through sending SMS and MMS messages

9.1 Concerned with data management: Users who consent to receiving SMS and MMS messages direct sales tools, and mark relating declaration.

9.2 Legal basis of data management: User’s consent based on GDPR Article 6, Paragraph (1), Point a) and law regulating economic advertising activities § 6, Paragraph (1) and (2).

SMS and MMS messages provide users with useful information, as well as aim at direct sales. User may sign up for this service irrespectively of drawing on other services, and is voluntary. It is based on User’s decision after being informed. In case User does not take the SMS and MMS service as part of direct sales, they do not encounter any drawbacks when using website or any other services, it is not a condition to use any other services at website.

9.3 Scope of data:

–       surname

–       first name

–       telephone number.

9.4 Goal of data management: sending SMS and MMS messages as part of direct sales to User by Data Manager. They contain information about Data Manager’s services, the latest products/services and actualities, offers and advertisements.

9.5 Duration of data management: Data Manager handles information stored to send SMS and MMS messages as part of direct sales until User’s cancellation of consent (User unsubscribes), or until deleting data based on User’s request.

9.6 Method of data storage: on separate data managing lists in the information technology system of Data Manager.

 

  1. Data management related to making phone calls as part of direct sales

10.1 Concerned with data management: Users who consent to receiving phone calls as direct sales tools, and mark relating declaration.

10.2 Legal basis of data management: User’s consent based on GDPR Article 6, Paragraph (1), Point a) and law regulating economic advertising activities § 6, Paragraph (1) and (2).

Telephone calls provide users with useful information, as well as aim at direct sales. User may sign up for this service irrespectively of drawing on other services, and is voluntary. It is based on User’s decision after being informed. In case User does not consent to being called on the phone as part of direct sales, they do not encounter any drawbacks when using website or any other services, it is not a condition to use any other services at website.

10.3 Scope of data:

–       surname

–       first name

–       telephone number.

10.4 Goal of data management:

Data Manager calls User on the phone as part of direct sales activities. Calls provide Users withinformation about Data Manager’s services, the latest products/services and actualities, offers and advertisements.

10.5 Duration of data management: Data Manager handles information stored to send call User as part of direct sales until User’s cancellation of consent (User unsubscribes), or until deleting data based on User’s request.

10.6 Method of data storage: on separate data managing lists in the information technology system of Data Manager.

 

  1. Data management related to registration

11.1 Scope of parties concerned: Users registering at website.

11.2 Legal basis of data management: based on GDPR Article 6, Paragraph (1), Point a), User’s consent. Voluntary consent is given by clicking on”Registration” and filling in the form, as well as clicking in the indicator box, and finally sending the registration.

11.3 Scope of data handled: Data included in the registration form mentioned above.

Scope of data:

– surname

– first name

– telephone number

– e-mail address

– username

– password

– address of delivery

– address for invoice.

11.4 Goal of data management: data management related to operating a webshop, User to take services offered at website.

Services are:

– browsing the website

– getting information about products

– offering possibility to order products online from the website

– sending messages to Data Manager.

11.5 Duration of data management: Concerning registered Users, duration of data management lasts until Users request for data deletion. Data management may finish when User deletes their registration or when Data Manager deletes User’s registration. User may delete their registration anytime, or can ask Data Manager to do it. Such incoming requests are handled and accomplished immediately, but 10 working days the most from arrival.

11.6 Method of storing data: on separate data management list within Data Manager’s information technology system.

 

  1. Data management related to orders

12.1 Scope of parties concerned: Users posting an order at website.

12.2 Legal basis of data management: based on GDPR Article 6, Paragraph (1), Point b), according to which data management is necessary to accomplishing contracts where User is one of the parties. User is informed that their personal data given in connection with delivery will be handled by Data Manager when an order is issued, based on the contract made between the two parties.

12.3 Scope of data handled: Data included in the form filled in before issuing an order mentioned above, or in previous registration form.

Scope of data:

– surname

– first name

– telephone number

– e-mail address

– username

– password

– address of delivery

– address for invoice

– indication of product(s)/service(s) ordered

– price of product(s)/service(s) ordered

– form of delivery

– form of payment

– other information User might have provided in order to accomplish order

– time of order

– time of payment.

12.4 Goal of data management: to fulfill orders and data management related to operation of webshop. User gives their personal information and contacts voluntarily so that orders can be fulfilled and services of website can be provided.

Services this includes:

–       providing information about availability and characteristics of product

–       ordering product

–       delivery of ordered product

–       arranging delivery

–       delivery

–       notification about delivery

–       making out invoices

–       prosecution of User’s rights.

12.5 Duration of data management: it lasts until delivery of product. Data manager forwards personal information (name, address of delivery, telephone number) to delivery company exclusively necessary for the delivery and can be used only for a certainscaleand time.

Data Manager handles information required for making out invoices (name, address) until there might be a possibility ofprosecution of fulfilling interests,and data mentioned above related to fulfilling orders until the time of possible prosecution of fulfilling interests(5 years from signing the contract). It handles data required by the Counting Actuntil the necessary period (8 years from signing the contract).

12.6 Method of data storage: On separate data management list within the information technology system of Data Manager, and on bills that correspond to related laws about keeping bills for certain periods of time.

 

  1. Data management lists

13.1 Lists related to information technology data management: lists containing information about browsing habits of Users – see Point 6 –, as well as a temporary list containing data of IP-addresses of Users’ devices who are just browsing the website. It is exclusively handled within the information system of Data Manager. Data management is done on the latter list only for the duration of browsing. (Other data are stored on User’s device, Data Manager does not make a list on its own.)

13.2 List for the exchange of messages: data of Users sending messages by using contacts at website – see Point 7 – that includes information about participants of data exchange, only for the duration of the exchange, afterwards data are deleted.

13.3 List for newsletters: list of data – see Point 8 – to send newsletters, messages, leaflets and special offers in e-mails. Data are handled by Data Manager until withdrawal of consent sent by User (when they unsubscribe), or until User asks Data Manager to delete information.

13.4 List to send SMS and MMS messages to make direct sales: list with data listed in Point 9 to send messages, information materials and advertisements through SMS and MMS messages. Data are stored until User’s cancellation of consent (User unsubscribes), or until deleting data based on User’s request.

13.5 List to make phone calls as part of direct sales:list with data listed in Point 10 to phone Users as part of direct sales. Data are stored until User’s cancellation of consent, or until deleting data based on User’s request.

13.6 Registration list: list containing data – see Point 11 – of registered Users. Information is stored until registration is valid, User of Data Manager does not delete it, or User’s request for such a deletion is not processed by Data Manager.

13.7 List of orderers: data – see Point 12 – of Users who place an order. Information is stored until request for deletion is processed by Data Manager, except for cases subject to Counting Law.

13.8 Registry of forwarding data: Data Manager runs a registry of forwarding data in order to check legality and to inform concerned parties. This includes the time of forwarding data of personal information, its legal basis and addressee, the definition of data forwarded and other data defined by regulation about data management.

13.9 Registry of data management incident: a registry about violations of regulations about data management and the steps to avoid them. It includes information about personal data concerned, circle and number of parties involved in the violation, its time, circumstances, effects and actions taken to avert it, as well as – in case of data management done prescribed by a legal commitment – other data defined in the regulation prescribing data management.

13.10 Data Manager stores information in its information technology system on separate lists, in data bases for different purposes each – as described above. It also stores paper contracts/declarations about sending newsletters.

 

  1. Duration of data management

14.1 Data management lasts until the above mentioned descriptions of data management differentiated on the basis of the purpose of such management. Data Manager handles information until data management purposes are fulfilled, or User withdraws consent or requests for deletion.

14.2 In accordance with this, data management lasts until withdrawal of consenting declaration, fulfilment of deletion request, unsubscriptionfrom newsletter, in certain cases until the accomplishment of engagement. User may protest against data management any time, may ask to stop data management and request for deletion of data specifically or globally. Data Manager processes requests like these immediately, but maximum 10 working days from arrival of request. User may unsubscribe from newsletters at any time by using the unsubscribe link in newsletters or by sending an e-mail to info@vitamed.life. Users might send the above mentioned requests or protests to this e-mail address, too. Data Manager only considers such e-mails authentic, if User has given the e-mail address they might be sent from previously to Data Manager and is registered in Data Manager’s system when User subscribed to newsletters or has given data in a contract/declaration. However, sending such requests from another e-mail address does not mean that they are ignored.

 

  1. Method of storing data

Data Manager stores information on separate lists in its information technology system divided into different database, according to data management goals.

 

  1. Forwarding data

16.1 Scope of concerned: Users choosing online payment after shopping at website, regardless of using other services.

16.2 Addressee of data forwarding:

OTP Mobil Szolgáltató Korlátolt Felelõsségû Társaság (SimplePay)

(OTP Mobile Service Provider Ltd.)

Short name: OTP Mobil Kft.

Corporate registration number: 01-09-174466

Tax number: 24386106-2-43

Premises: Hungary, 1093 Budapest, Közraktár u. 30-32

Postal address: Hungary, 1093 Budapest, Közraktár u. 30-32

Telephone: +36 1 366 6611

E-mail: ugyfelszolgalat@simple.hu

Website: http://simplepay.hu/

company, as service provider of online payment service at Data Manager’s website.

16.3 Legal basis of data forwarding: User’s consent based on GDPR Article 6, Paragraph (1), Point a). User consents voluntarily to forwarding their data by getting to know the Privacy Policy, choosing online payment and sending an order.

16.4 Scope of data forwarded:

– user name

– surname

– first name

– country

– telephone number

– e-mail address.

16.5 Goal of forwarding data: Operating and managing online payment service appropriately, confirmation of transactions, operating fraud-monitoring to protect users’ interests. This is a system to reveal frauds related to online payment, supporting the control of bank transactions – and providing help through customer support service.

16.6 Data are exclusively forwarded to achieve the above mentioned goals.

16.7 Data Manager forwards information only to official bodies in accordance with legal requirements.

16.8 Data Manager does not forward information to third parties for business or marketing purposes.

16.9 Data Manager keeps track of forwarding data in a register.

 

  1. Requisition of data processor

Data Manager draws on the following businesses to process data.

17.1 Information technology data processing

17.1.1. Parties concerned of data processing: Users visiting website, regardless of services used.

17.1.2 Data Manager draws on

Ezit Korlátolt Felelõsségû Társaság (EZIT Ltd.)

Short name: EZIT Kft.

Corporate registration number: 01-09-968191

Tax number: 23493474-2-41

Headquarters: Hungary, 1132 Budapest, Victor Hugo u. 18-22

Postal address: Hungary, 1132 Budapest, Victor Hugo u. 18-22

Telephone: +36 1 700 40 30

E-mail: info@ezit.hu

Website: https://www.ezit.hu

 

as website storage place provider (Data Processor hereafter).

17.1.3 Data Manager draws on data processor services of

BILDER CONSULTING Kereskedelmi, Szolgáltató és Kutatófejlesztõ Korlátolt Felelõsségû Társaság

(BILDER CONSULTING Commercial, Service Provider and Research Developer Ltd. )

Short name: BILDER CONSULTING Kft.
Corporate registration number: 09-09-012101
Tax number: 13617022-2-09
Headquarters: Hungary, 4030 Debrecen, Mikepércsi út 59 tetõtér 14. (Attic 14)
Postal address: Hungary, 4030 Debrecen, Mikepércsi út 59 tetõtér 14. (Attic 14)
Telephone: +36 20 336 3189
E-mail: iroda@bilder.hu
Website:https://bilder.hu/

as website developer and technical mainainer (Data Processor hereafter).

17.1.4 Defining the scope of data involved in data processing: this relates to all information mentioned in present policy.

17.1.5 Goal of data processing: To ensure functioning of website in an information technological way through data handling of services provided, apparent in necessary technical actions.

17.1.6 Period of data processing: It correlates with data management periods indicated in this policy for data management with various objectives.

17.1.7 Processing data exclusively refer to technological operations necessary to manage website in an information technical aspect.

17.2 Data processing in relation to sending newsletters

17.2.1 Concerned parties: Users subscribing to newsletter, regarless of whether they use any other services.

17.2.2 Data Manager draws on services of

THE ROCKET SCIENCE GROUP LLC (MailChimp)

Corporate resistration number: 20161685162
Tax number: 20161685162
Headquarters: 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USA
Business site: 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USA
Postal address: 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USA
Telephone: +1 678 999 0141
E-mail: privacy@mailchimp.com
Website: https://mailchimp.com/

as company that has developed and operates newsletter sending software used by Data Manager (Data Processor hereafter).

17.2.3 Definition of data to be processed: data processing involves all data mentioned in present policy in chapter about sending newsletters.

17.2.4 Goal of data processing: to provide information technological conditions for sending newsletters by Data Manager, in data management apparent through technical operations necessary for operating the software safely.

17.2.5 Period of data processing: Data Processor handles information until User’s cancellation of consent (User unsubscribes), or until deleting data based on User’s request.

17.2.6 Processing data exclusively refers to technical operations to manage software about sending newsletters in an information technological way.

17.3 Data processing related to using cookies

17.3.1 Concerned parties: Users visiting website, regardless of whether they draw on any other services.

17.3.2 Data Manager draws on services of

GOOGLE INC.

Corporate registration number: 20031277465

Tax number: 20031277465

Headquarters: 1600 Amphitheatre Parkway Mountain View CA 94043 US

Premises: 1600 Amphitheatre Parkway Mountain View CA 94043 US

Postal address: 1600 Amphitheatre Parkway Mountain View CA 94043 US

Telephone: –

E-mail: not available

Website: https://www.google.hu/

as online marketing service provider company (Data Processor hereafter).

17.3.3 Data Manager draws on services of

Facebook Ireland Ltd.

Corporate registration number: 462932

Tax number: IE 9692928F

Headquarters: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Premises: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Postal address: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Telephone:  +0016505434800

E-mail: https://facebook.com/help/contact/540977946302970

Website: https://www.facebook.com/privacy/explanation

as online marketing service provider company (Data Processor hereafter).

17.3.4 Legal basis of data processing: Data Manager may draw on services of a data processor, based on User’s consent according to GDPR Article 6, Paragraph (1), Point a), provided Users are informed beforehand. User consents voluntarily to Data Manager use Data Processor, as described in Chapter 6, after getting acquainted with Privacy Policy.

17.3.5 Defining data to be processed: data processing involves all data mentioned in Chapter 6 of present policy.

17.3.6 Goal of data processing: to provide information technological conditions to operate website for concerned Users with the help of data management, apparent in technical operations,as well as analysis of visitor habitsnecessary for operating website and providing services. In addition, to send selective advertisements to User’s device used for browsing through the use of devices of outer service providers.

17.3.7 Period of data processing: is the same as data management periods described in Chapter 6 of present policy.

17.3.8 Processing data exclusively refers to technical operations to manage website in an information technological way, and to place selective advertisements.

17.4 Data processing related to delivery of products

17.4.1 Concerned parties: Users choosing delivery of products after placing an order at website, regardless of whether they draw on any other services.

17.4.2 Data Manager draws on services of

DHL Express Magyarország Szállítmányozó és Szolgáltató Kft.

(DHL Express Hungary Delivery and Service Provider Ltd.)

Short name: DHL Express Magyarország Ltd.

Corporate registration number: 01-09-060665

Tax number: 10210798-2-44

Headquarters: Hungary, 1185 Budapest, BUD International Airport

Postal address: Hungary, 1185 Budapest, BUD International Airport

Telephone: +36 1 245 4545

Fax: –

E-mail: ugyfelszolgalat.hu@dhl.com

Website: http://www.dhl.hu

as delivery company that delivers products ordered (Data Processor hereafter).

17.4.3 Data Processor draws on services of

SPRINTER Futárszolgálat Korlátolt Felelõsségû Társaság

(SPRINTER Courier Company Ltd.)

Short name: Sprinter Futárszolgálat Kft.
Corporate registration number: 01-09-660447
Tax number: 12263840-2-43
Headquarters: Hungary, 1097 Budapest, Táblás u. 39
Postal address: Hungary, 1725 Budapest, pf.: 117
Telephone: +36 1 347 3000
Fax: –
E-mail: info@sprinter.hu
Website: http://www.sprinter.hu/

as delivery company that delivers products ordered (Data Processor hereafter).

17.4.4 Legal basis of data processing: according to GDPR Article 6, Paragraph (1), Point b), data management is necessary to fulfillcontracts in which User is one of the parties. Data Manager may use services of a data processor to fulfill contracts – provided Users are informed beforehand. User, while getting acquainted with Privacy Policy and during the process of placing an order, is informed about the content of the contract and data processors being used to handle User’s data necessary to fulfil their orders.

17.4.5 Scope of data involved in data processing: data that is needed to fulfill contract about User’s order (fulfillment of delivery):

– surname

– first name

– telephone number

– address of delivery.

17.4.6 Goal of data processing:  In order to fulfill contract made when User placed an order, goal is delivery of ordered product to an address indicated by User, checking delivery address and time if necessary on the phone.

17.4.7 Period of data processing: time needed for delivery.

17.4.8 Data processing exclusively means technical operations needed to fulfill delivery.

17.4.9 Data processing does not take place for any other reasons.

17.5 Data Processors have no interests in Data Manager’s business activities.

17.6 Data Manager does not draw on services on any other Data Processors than indicated above.

 

  1. User’s rights concerning data processing

18.1 Right to access: Data Manager gives information on User’s request about data being handled by itself and by Data Processor, their sources, goals of data processing, its legal basis, period, name and address of Data Processor, its activities related to data processing, consequences and effects of a possible data protection incident and actions done in order to avoid such cases, furthermore, in case of forwarding, concerned person’s personal data, about the legal basis and addresse of data forwarding. Data Manager provides information without any unreasonable delay, within maximum one month from arrival of request.

Within the framework of the right to access, Data Manager provides User with a copy of personal data involved in data management, within maximum one month from arrival of request. For further User demands, Data Manager calculates a reasonable fee based on administrative costs (see Chapter 18).

18.2 Right to portability of data: User has the right to get personal data about themselves in an articulate, widely used format, readable on devices, furthermore, has the right to forward these pieces of information to another data manager without the obstruction of data manager that received data according to User’s consent, if:

  1. a) data management has been based on User’s consent or contract; and
  2. b) data management is automatised.

 

Practising the right to portability of data, User has the right – if it is technically practicable – to ask data managers to forward information between each other directly.

18.3 Right to correction: User may ask for correction of their data, which Data Manager fulfils without any unreasonable delay, within maximum one month after arrival of request. Considering the goal of data management, User has the right to ask for completing their missing personal data – through an additional declaration for example.

18.4 Right to limitation of data management: Data Manager indicates personal data in order to limit data management. User may ask for such limitation if one of the following cases occur:

  1. a) User disputes accuracy of personal data, in this case limitation exceeds for the period that enables Data Manager to check accuracy of personal data;
  2. b) data management is illegal, and User objects to deletion of data, but requests limitation of use;
  3. c) Data Manager does not need personal data for data managent, however, concerned party lays claim to them in order to propose, realize or protect legal demands; or
  4. d) User has objected to legal data management done by Data Manager; in such cases limitation exceeds over period in which it becomes clear whether Data Manager’s legal interests dominate over concenred party’s legal interests.

 

18.5 Right to cancellation (right to “effacing”): Data Manager deletes information if:

  1. a) personal data are no longer needed for reasons they were recorded, or were handled differently;
  2. b) User withdraws their consent to data management, and there are no other legal bases to it;
  3. c) User objects to data management and there are no prior rightful reasons for data management, or User objects to data management with direct sales objectives;
  4. d) personal data was handled illegally;
  5. e) personal data must be deleted to fulfil legal obligations claimed by European Union or member state laws;
  6. f) User requests deletion or objects to data management, and data was recorded with regard to services directly offered to children related to information technological society.

If Data Manager made personal data public – and according to cases mentioned above – has to erase them and must take reasonable steps, including technical ones – considering technology available and costs of realization – in order to inform data managers involved about User requesting their personal data and the links referring to them or copies of personal data to be deleted.

Data Manager informs User and all data managers that were provided with information about the correction, limitation and deletion. Notification might be neglected if seems to be impossible, or requires unreasonable efforts. Data Manager informs User on demand about these addressees.

18.6 Right to objection: User has the right to object to their data being managed rightfully by Data Manager at any time because of personal reasons, including profile creation based on mentioned actions. In such cases, Data Manager cannot handle personal information any longer, except when Data Manager proves that there are obligatory rightful reasons for data management, having priority over concerned person’s interests, rights and freedoms, or reasons that are related to proposal, enforcement or defence of legal demands.

 

  1. Fulfilling User’s requests

19.1 Data Manager offers notification and taking actions for free, as described in Point 18. If User’s request is obviously unfounded, or – especially for its repeated nature – exaggerated, Data Manager

  1. a) might charge a reasonable price, or
  2. b) might deny taking actions based on request,

considering data requested, or administrative costs of measures to be taken to fulfill request.

19.2 Data Manager informs User without any unreasonable delay, but maximum one month after receiving request, about actions taken, including issuing copies of data. If necessary, considering the complexity of request and numbers of requests, this deadline can be made longer with additional two months. Data Manager informs User about elongation of deadline together with indicating reasons of delay within one month after receiving request. If concerned User handed in their request electronically, Data Manager provides information electronically, except when concerned User asks for it in a different way.

19.3 If Data Manager does not take any steps as reaction to User’s request, without delay, but within one month the most after receiving request, informs User about reasons why there have been no actions, and about the possibility of filing a complaint at Authority mentioned in Point 21, and can have the right to legal remedy described there as well.

19.4User may hand in their request to Data Manager in any way that identifies them. Identifying Users handing in a request is necessary, because Data Manager can deal with requests that are entitled. If Data Manager has justified doubts about the identity of natural person handing in a request, may ask for other pieces of information to assure identity of concerned User.

User can send their requests to Data Manager to the address indicated in Point 1.1, or to the e-mail address info@vitamed.life. Data Manager considers requests sent in e-mail genuine only if it was sent from an e-mail address registered at Data Manager’s database. However, using another e-mail address does not mean inobservance of such requests. Time of receipt of e-mails is the first day after the e-mail was sent.

 

  1. Data protection, data safety

20.1 Data Manager assures safety of data, and through technical and organizational actions, as well as internal rules of procedure,ensures that laws and other data and secret protection rules are kept. Data Manager protects especially against illegal access, change, forwarding, making public, deletion or disaffirmation of data, moreover, it protects against accidental disaffirmation and damage, as well as inaccessibility of data as a result of change in applied technology.

20.2 In order to achieve these, Data Manger uses “https” protocol to reach website, through which web communication can be encrypted and individually identifiable. Data Manager stores information in encrypted data stocks on separate lists insulated from each other based on data management goals, to which certain Data Manager employees – performing tasks at present website – have access to, who have to protect data and it is their job responsibility to handle this policy and relevant laws in an appropriate manner.

20.3 Data related to measuring number of visitors at website and habits describing use of website are handled in Data Manager’s information technologyical system in a way that prevents Data Manager to link data to anyone, right from the beginning.

20.4 Data are managed to reacharticulated and legal goals described in present policy to a necessary and proportional degree, based on relevant laws and recommendations, keeping appropriate safety measures.

 

  1. Prosecution of rights

Concerned parties may practice their prosecution of rights based on Civil Code 2013 Law V and GDPR at a couthouse, and can turn to the National Authority for Data Protection and Freedom of Information:

Nemzeti Adatvédelmi és Információszabadság Hatóság

(National Authority for Data Protection and Freedom of Information)

Address: Hungary, 1125 Budapest, Szilágyi Erzsébet fasor 22/c

Postal address: Hungary, 1530 Budapest, pf.: 5

Telephone: +36 1 391 1400

Fax: +36 1 391 1410

E-mail: ugyfelszolgalat@naih.hu

Website: http://www.naih.hu/

In case choosing a process involving a courthouse, the lawsuit – based on concerned User’s choice – may be initiated at the courthouse in concerned person’s residence or commorancy, as courthouses are competent in confiscation of such a lawsuit.

 

 

1st December 2018

NutriMed Étrendkiegészítõ Kft.