No Products in the Cart
We are looking for distributors now! For details please contact us here...
Who processes your personal information? Who is the data controller?
During the processing of your personal data, Tápfutár Webáruház Zrt. (hereinafter referred to as: Data Controller) acts as a data controller.
What are the contact details of the data controller?
Seat: Hofherr Albert utca 42., 1194 Budapest
Phone: +36 30 / 235 6737
Email address: order@biogenicpetvitality.eu
What data is considered personal data?
Personal data is any information about an identified or identifiable natural person (data subject); identifies a natural person who, directly or indirectly, in particular by reference to an identifier such as name, number, location, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable.
What personal information falls into special categories of personal information?
Special categories of personal data include personal data referring to racial or ethnic origin, political opinion, religious or philosophical beliefs or trade union membership, as well as genetic and biometric data for the unique identification of natural persons, health data and the sexual life or sexual orientation of natural persons.
Who can be considered as data subject?
In particular, the controller may process the personal data of the following natural persons:
What are the most important laws and regulations regulating the data processing activities of the Data Controller?
Data processing is primarily regulated by the following laws:
According to which principles carries out the Data Controller its data processing activities?
The data controller shall process the data in accordance with the following principles, taking the necessary measures to enforce these principles so that the processing of personal data
(a) it is dealt with lawfully, fairly and on an appropriate legal basis (legality, fairness and transparency);
(b) collected only for specified, explicit and legitimate purposes and not treated in a way incompatible with those purposes,
(c) be appropriate and relevant to the purposes of the data processing and limited to what is necessary (data saving);
(d) be accurate and, where necessary, kept up to date; where possible, inaccurate personal data shall be deleted or rectified without delay (accuracy),
(e) stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data should be stored for a longer period only for statistical purposes, subject to appropriate technical and organizational measures (limited storage capacity),
(f) processed in such a way as to ensure adequate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage (integrity and confidentiality), using appropriate technical or organizational measures;
(g) is aware of its responsibility for compliance with the above principles and is able to demonstrate compliance (accountability).
For what purpose, what personal data, on what legal basis and for how long does the Data Controller process the data?
The Special Part of this privacy policy describes the purpose, the scope of personal data, the legal basis and the duration for which the Data Controller processes data.
Does Data Controller use automated decision-making or profiling?
The Data Controller does not use automated decision-making and does not create a profile of the data subjects from the data available.
What rights are data subjects are entitled to?
The Data Controller shall ensure the exercise of the following rights of data subjects by cooperating with data subjects in the exercise of those rights, provided that Union or Member State law applicable to the data controller may restrict the rights of the data subject to the necessary and proportionate extent if the protection of the rights or freedoms of data subject or others are necessary or in order to enforce civil claims (GDPR Article 23):
a) right to information:
In accordance with the principle of fair and transparent data process, it shall provide the data subject with the information required by law, as specified in the legislation.
The Data Controller shall make the information required by law available to the data subject even if the personal data were not obtained from the data subject, unless the personal data are required to remain confidential under a professional secrecy obligation under Union or Member State law, including legal confidentiality.
b) right to access:
the data subject is entitled to receive feedback from the Data Controller as to whether the processing of his or her personal data is in progress and, if so, to obtain access to the personal data and the information specified by law. The Data Controller shall make a copy of the personal data subject to data processing available to the data subject once, free of charge. The Data Controller may charge a reasonable fee based on administrative costs for additional copies requested by the data subject. If the data subject has submitted the request electronically, the information shall be provided by the Data Controller in a widely used electronic format, unless otherwise requested by the data subject.
The right to request a copy must not adversely affect the rights and freedoms of others (in particular a person who is a data subject's customer enforcing a civil claim),
c) right to withdraw consent:
if the legal basis for the processing is the data subject's consent, the data subject may withdraw his or her consent to the data processing at any time, but the withdrawal of the consent shall not affect the lawfulness of the consent-based data processing prior to the withdrawal. The Data Controller may also process personal data for the purpose of fulfilling its legal obligations or enforcing its legitimate interests after the withdrawal of consent, if the enforcement of the interest is proportionate to the restriction of the right to the protection of personal data,
d) right to rectification:
the data subject may request the Data Controller to correct the inaccurate personal data concerning him / her without undue delay or supplement his / her incomplete personal data,
e) right to deletion:
the data subject may request that Data Controller deletes personal data concerning him or her without undue delay, which may be refused only in cases provided for by law, in particular if the processing is necessary under EU or Member State law governing the processing of personal data or for the purpose of fulfilling an obligation under this Regulation or for bringing, enforcing or defending legal claims. If the data management obligation is prescribed by law, the Data Controller may not delete the data of the data subject,
f) right to forget:
this right imposes an obligation on the Data Controller – if the personal data was published and due to exercising the right to deletion such data shall be deleted - by taking into consideration the costs for implementation and the available technology to take reasonable steps (including technical measures) to inform the data controllers that the data subject has requested the deletion of links to the personal data in question or of a copy or duplicate of such personal data,
g) right to restriction:
the data subject is entitled to restrict the data processing upon the request of the Data Controller if
- the data subject disputes the accuracy of the personal data (in this case, the restriction applies to the period of time that allows the Data Controller to verify the accuracy of the personal data),
- the processing is unlawful and the data subject opposes the deletion of the data and instead requests that their use be restricted,
- the Data Controller no longer needs the personal data for the purpose of data processing, but the data subject requests them in order to submit, enforce or protect legal claims, or
- the data subject has exercised his or her right to protest against the data processing (in this case, the restriction applies for as long as it is established whether the data controller's legitimate reasons take precedence over the data subject's legitimate reasons),
h) the right to be informed of the recipients informed of the rectification, erasure or restriction of the processing of personal data:
the Data Controller shall inform all recipients to whom or with whom the personal data have been communicated of the rectification, deletion or restriction of the processing of personal data on the request concerned, unless this proves impossible or requires a disproportionate effort. Upon the request of the data subject, the Data Controller shall inform these recipients,
i) right to data portability:
if the legal basis for the processing is the data subject's consent or the performance of the contract and the processing of personal data is automated, the data subject is entitled to:
- receiving the personal data concerning him / her made available to the Data Controller in a structured, widely used, machine-readable format,
- transferring this data to another data controller without being hindered by the Data Controller,
- if this is technically feasible, requesting the Data Controller to transfer personal data directly between data controllers,
j) right to protest:
the data subject is entitled at any time to object, to the processing of his or her personal data necessary for the performance of a task performed in the legitimate interests of the Data Controller or a third party due to reasons related to his or her own situation. In this case, the Data Controller shall not be entitled to further process the personal data, unless it proves that the data processing is justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the data subject or which relate to the submission, enforcement or protection of legal claims.
k) right to remedy:
if, in the opinion of the data subject, the processing of personal data concerning him or her violates the legal requirements, he or she may file a complaint with the data protection supervisory authority or is entitled to legal remedy.
How can the data subject submit requests for data processing, withdrawal of a given consent to data processing?
The data subject is entitled to submit request
via post to the following address: Tápfutár Webáruház Zrt , Hofherr Albert utca 42., 1194 Budapest,
in person at the seat of the Data Controller: Tápfutár Webáruház Zrt , Hofherr Albert utca 42., 1194 Budapest),
via phone +36 30 / 235 6737
via e-mail: order@biogenicpetvitality.eu
Handling of the data subjects’ request
The Data Controller shall inform the data subject of the action taken on his or her request within one month of receiving the request submitted by the data subject. If necessary, this period may be extended by a further two months. The Data Controller shall inform the data subject of the extension of the deadline - within one month from the receipt of the request -, indicating the reasons for the delay.
If the data subject has submitted the request electronically, the Data Controller shall, if possible, provide the information electronically, unless the data subject requests otherwise.
If the Data Controller does not take action on the data subject's request, he / she shall inform the data subject within one month from the receipt of the request about the reasons for the not taking actions and of the data subject's right to lodge a complaint with a supervisory authority.
Joint data management
The Data Controller does not perform joint data management activities.
What kind of data processor does the data controller use?
The Data Controller is entitled to use data processing service to process the processed personal data.
A processor is a natural or legal person, public authority, agency or any other body that processes personal data on behalf of the controller.
The Data Controller shall only use a data processor who provides sufficient guarantees for the implementation of appropriate technical and organizational measures to ensure that the data processing complies with legal requirements and protects the rights of the data subjects.
The data processor may not use an additional data processor without the prior written ad hoc or general authorization of the Data Controller.
The Data Controller uses the data processing services of the following companies:
In addition to the above, the Data Controller is entitled to use other data processors (e.g. translator, financial expert) for the performance of a given order, about which it informs the data subject individually during the execution of the order.
Are the processed personal data transferred to a third country by the Data Controller?
The Data Controller does not regularly transfer personal data to a third country; in case of an eventual individual data tranfer, the data subjects will be separately informed, accordance with the section of „What rights are data subjects are entitled to”?
What measures are taken by the Data Controller to protect the data?
The Data Controller shall protect the processed personal data by technical and organizational measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction, damage and inaccessibility due to changes in the technology used. In this context, among other things
In order to protect the data files processed electronically in its various registers, the Data Controller shall ensure by an appropriate technical solution that the stored data - unless permitted by law -, cannot be directly linked and assigned to the data subject.
Who shall be responsible for the damage caused by the processing of personal data?
The Data Controller shall be liable for the damage caused by the unlawful processing of personal data or the violation of data security requirements, for the violation of the personal rights of the data subject, and if the violation is acknowledged or legally established, the damage shall be compensated. In the event of a violation of the data subject's right to privacy, the data subject may claim damages (Section 2:52 of Act V of 2013 on the Civil Code). The Data Controller is also liable for the damage caused by its engaged data processor.
The Data Controller shall be released from liability in case of proving that it shall not be liable in any way for the event that caused the damage.
What remedies are available to you in relation to data process?
In connection with the lawfulness of data processing, the data subject is entitled to initiate the procedure of the National Data Protection and Freedom of Information Authority (Falk Miksa utca 9-11. 1055 Budapest, Postal address: 1363 Budapest, Pf. 9., website: www.naih.hu, phone: +36 (1) 391 -1400, fax: +36 (1) 391-1410, central e-mail address: ugyfelszolgalat@naih.hu) or, at your choice, you may initiate a legal proceeding in front of the court of your address (domicile) or the Data Controller's registered office. You can find the court of your place of residence or temporary address at http://birosag.hu/ugyfelkapcsolati-portal/birosag-kereso.
In the absence of such obligation, a Data Protection Officer was not appointed by the Data Controller.
II/1. Processing personal data required for registration on the website
Purpose of the data process
Creation of an account with registration
Processed personal data
Name, password, home address, location, email address, username
Legal basis of the data processing
consent (Article 6 Point 1) a) of GDPR)
Duration of the data processing
Until your consent is revoked or your registered account is deleted
Information / source of data on the provision of data by the data subject
in the absence of data provision, creating a registered account and placing an order is not possible
II/2. Data processed in connection with an order in a webshop
Purpose of the data process
Fulfilling an order in a webshop
Processed personal data
Name, password, date of birth, home address, location, email address, username, shipping address]
Legal basis of the data processing
performance of the contract (Article 6 Point 1) b) of GDPR)
Duration of the data processing
Equal to the limitation period, which is 5 years
Information / source of data on the provision of data by the data subject
in the absence of data provision, you cannot place an order in our Webshop
II/3. Personal data processed during accounting procedures
Purpose of the data process
Performance of accounting obligations
Processed personal data
personal data processed in connection with the fulfilment of accounting obligations
Legal basis of the data processing
Performance of legal obligation (Article 6 Point 1) c) of GDPR and Act on the Rules of Taxation and act on Accounting)
Duration of the data processing
The period specified in the effective laws, currently 8 years.
Information / source of data on the provision of data by the data subject
the provision of data is based on a legal obligation.
II/4. Complaint handling
Purpose of the data process
Complaint handling and investigation
Processed personal data
Name, password, date of birth, address, e-mail address, all information in the complaint
Legal basis of the data processing
Performance of legal obligation of the data processor (Article 6 Point 1) c) of GDPR and paragraphs (5) and (7) of Section 17/A. on consumer protection
Duration of the data processing
5 years
Information / source of data on the provision of data by the data subject
You can not exercise your consumer rights.
II/5. Registration to newsletter
Purpose of the data process
Sending a newsletter about news
Processed personal data
Name, e-mail address, date of birth
Legal basis of the data processing
Consent
(Article 6 Point 1) a) of GDPR, and paragraph 1) Section 6 of Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities as well as Act CVIII of 2001
Duration of the data processing
Until the consent is revoked.
Information / source of data on the provision of data by the data subject
You will not longer receive our newsletters.
II/6. Cookies used on the website
Purpose of the data process
Enhancing user experience
Processed personal data (in order)
1. CookieConsent
2. ssupp.vid
3. _ga
4. _gat
5. _gid
6. ssupp.visits
7. VISITOR_INFO1_LIVE
Legal basis of the data processing
Consent
(Article 6 Point 1) a) of GDPR, and legitimate interest (Article 6 Point f)
Duration of the data processing (in order)
1. 1 year
2. 6 months
3. 2 years
4. 1 day
5. 1 day
6. 6 months
7. 179 days
Information / source of data on the provision of data by the data subject
1. Stores the user's cookie consent state for the current domain
2. Necessary for the functionality of the website's chat-box function.
3. Preserves users states across page requests.
4. Used by Google Analytics to throttle request rate.
5. Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
6. Identifies the last page visited by the visitor. This is used in order to make the chat-box function more relevant.
7. Tries to estimate the users' bandwidth on pages with integrated YouTube videos.
II/7. Return of products
Purpose of the data process
Performing the return of products in case of exercising the right of withdrawal
Processed personal data
Name, password, date of birth, home address, location, e-mail address, other data recorded in the handover protocol]
Legal basis of the data processing
Performance of legal obligation
(Article 6 Point a) of GDPR, and legitimate interest (Article 6 Point f)
Duration of the data processing
5 years
Information / source of data on the provision of data by the data subject
The source of the data is the data subject. If you do not provide your details, you will not be able to exercise your right of withdrawal.
