Monofox Ltd. - Date of issue: 25.08.2020.
1.
The purpose of the Privacy Policy is to define the principles and rules for the processing of personal and other data provided by visitors to the website www.groomart.hu during the use of the website and processed by Monofox Ltd.
2.
The data protection policies relating to the data processing of the Service Provider are continuously available at https://groomart.hu/adatkezelesi-tajekoztato/. The Service Provider reserves the right to change this policy at any time.
3.
The Service Provider shall treat personal data confidentially and in accordance with the applicable legal provisions, shall ensure their security and shall take the necessary administrative, logical and physical security and organisational measures, as well as establish the procedural rules necessary to enforce the relevant provisions of the applicable legislation.
The Service Provider shall, in the processing of data, preserve confidentiality: protect the information so that only those who are authorised to have access to it can do so; integrity: protect the accuracy and completeness of the information and the method of processing; availability: ensure that the information can be accessed and the means to do so are available when the authorised user needs it.
The Service Provider, as data controller, undertakes to ensure that all data processing in relation to its activities complies with the provisions of this Privacy Notice and the relevant applicable law.
The Service Provider has appointed a Data Protection Officer:
Contribute to and assist in the taking of decisions relating to the processing of personal data and to safeguard the rights of data subjects;
monitor compliance with the provisions of the law and other legislation applicable to data processing, internal data protection and data security policies and data security requirements;
investigate the notifications it receives and, where it detects unauthorised processing, require the controller or processor to cease it;
ensure that data protection education is provided.
ensure that legal requirements are met within the organisation
ensuring that the legal requirements relating to data protection are met by the data processors involved
4) Legislative background
The Service Provider shall comply with the legal requirements relating to the processing of personal data at all stages of data processing. The data processing carried out by the Service Provider shall be governed in particular by the provisions set out in the following legislation:
Act V of 2013 on the Civil Code ("Civil Code")
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation, GDPR);
Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (the "Data Protection Act")
5) Concepts
Concept Description
Data subject Any specified natural person who is identified or can be identified, directly or indirectly, on the basis of personal data.
personal data Data that can be associated with the data subject, in particular the name, the identification mark and one or more physical, physiological, mental, economic, cultural or social identifiers of the data subject, and the inference that can be drawn from the data concerning the data subject.
Consent A voluntary and explicit indication of the data subject's wishes, based on appropriate information, by which he or she gives his or her unambiguous consent to the processing of personal data relating to him or her, whether in full or in part, for specific operations.
objection A statement by the data subject objecting to the processing of his or her personal data and requesting the cessation of the processing or the erasure of the processed data.
processing Any operation or set of operations which is performed upon personal data, regardless of the procedure used, such as collection, recording, recording, organisation, storage, alteration, use, disclosure, transmission, alignment or combination, blocking, erasure and destruction, blocking further use of the data, taking of photographs, audio or video recordings and the recording of physical characteristics which can be used to identify a person (e.g. fingerprints, palm prints, DNA samples, iris scans)
data processing The performance of technical tasks related to data processing operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data.
transfer The making available of data to a specified third party.
disclosure The making available of data to any person.
data controller The natural or legal person or unincorporated body which, alone or jointly with others, determines the purposes for which personal data are to be processed, takes decisions regarding the processing (including the means used) and implements them or has them implemented by a processor on its behalf.
processor A natural or legal person or unincorporated body which processes data on the basis of a contract, including a contract concluded pursuant to a legal provision.
data erasure The rendering of data unrecognisable in such a way that it is no longer possible to retrieve them.
data set The set of data managed in a register.
third party A natural or legal person, or an unincorporated organisation, other than the data subject, the controller or the processor;
6) Data controller's details and contact details
Name of the controller.
Head office of the controller. 3.
Phone number of the controller: +36 30 269 20 24
Company registration number: 01-09-376893
Tax number: 28948278-2-43
E-mail address: hello@groomart.hu
Website operated by the data controller: https://groomart.hu
Contact details of the data controller: ShopRenter.hu Kft. - 4028 Debrecen, Kassai út 129.
7) Data Protection Officer
Name of the Data Protection Officer: Dóra Kapots
Data Protection Officer's telephone number: +36 30 269 20 24
E-mail address of the Data Protection Officer: hello@groomart.hu
8) Data Processors
Company name of the data controller: RackForest Kft.
Registered office of the data controller: 1132 Budapest, Victor Hugo utca 18-22.
Company registration number: 01-09-914549
Tax number: 14671858-2-41
The data will be transferred to RackForest Kft. after the registration in the webshop, as these data are processed on RackForest's online platform.
The name of the data controller is GLS Hungary Kft.
The data controller's registered office is located at 2, 2351 Alsónémedi GLS Európa u. 2.
Company registration number: 13-09-111755
Tax number: 12369410-2-44
GLS Hungary Kft. will receive data for the purpose of delivering the Service Provider's parcels, only the name, e-mail address, telephone number and exact address of the data subject. The company will not be informed about the exact contents of the parcel.
Company name of the data controller: Mailchimp - The Rocket Science Group, LLC
Headquarters of the controller: 675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 USA
Tax ID: MOSS No. EU372008134
Mailchimp - The Rocket Science Group, LLC receives data from data subjects who, after registration, customer enquiry or purchase, have given their consent to receive further newsletters and/or direct marketing from the Service Provider. The name, e-mail address and telephone number of the data subject, as well as the value and content of the product purchased, will be transmitted for the purpose of making further offers.
The Service Provider is contractually bound to all data processors in accordance with the legal requirements, which ensure that personal data are processed only on the basis of written instructions from the data controller, that the data processor is bound by confidentiality obligations, that the data processor provides guarantees for the IT and other security conditions of the data processor and that the data processor provides all necessary information to the data controller upon request. Data subjects shall consent to the transfer of data to any of the above processors subject to the conditions detailed above.
9) Scope, legal basis and revocability of personal data processed
We set out in detail below how, in each case:
the purpose of the processing
what is the legal basis for the processing
what personal data are processed
who are the data subjects
the purpose of the data processing, what is the purpose of the data processing, what is the purpose of the data processing, what is the purpose of the data processing, what is the purpose of the data processing, what is the purpose
whether the data subject is obliged to provide the personal data
what the consequences may be if the data subject does not provide the personal data
how long the controller will store the personal data provided
Voluntary consent to data processing:
By accepting the Privacy Notice, users expressly consent to the processing of their personal data by the Data Controller in the manner described in this Privacy Notice. If the visitor does not provide his/her own personal data, the Data Controller is obliged to obtain the consent of the data subject. In the case of processing based on voluntary consent, data subjects may withdraw their consent at any stage of the processing, without prejudice to the lawfulness of the previous processing.
10.1) Personal data provided during registration
The purpose of the processing is to provide a personalised service to data subjects through the webshop. The legal basis for the processing is the voluntary consent of the data subject to the processing, acceptance of the content of the privacy policy during registration. The personal data to be processed are the username chosen by the data subject, the data subject's own e-mail address. The data subject is any interested person who registers on the website. Consent may be withdrawn by cancelling the registration, but the withdrawal of consent does not affect the lawfulness of the processing that took place prior to the consent. The data subject is obliged to provide the data, as future identification cannot be carried out without the data listed. If the data subject does not provide the personal data, the registration cannot be completed, but the data subject may continue to view the public parts of the website without restriction. The storage period lasts until the registration is deleted.
10.2) Personal data provided during telephone or direct contact
The purpose of the processing is to provide personalised service to the data subjects and to send a quotation at their request. The legal basis for the processing is the voluntary consent of the data subject to the processing, the collection of the data is initiated by the data subject. The personal data processed are the name, telephone number and e-mail address of the data subject. The data subject is any interested person who initiates a contact. Consent may be withdrawn by e-mail or by telephone, but the withdrawal of consent does not affect the lawfulness of the processing that took place prior to the consent. The data subject is obliged to provide the data, as future identification cannot be carried out without the data listed. If the data subject does not provide the personal data, the offer cannot be made. The storage period is 1 year after the offer is made.
10.3) Cookies and IP address
The Service Provider shall place an anonymous user identifier (cookie) on the computer of the Data Subject, which is not able to identify the Data Subject in any way, it is only able to recognize the computer of the Data Subject, it is not necessary to provide name, e-mail address or any other personal information, since when using the solution the User does not provide the Service Provider with personal data, the data exchange is only and exclusively between the machines.
The User is entitled to prohibit the placement of a unique identifier (cookie) on his/her computer by setting his/her browser. The user has the right to block the use of marketing and other cookies in the window that pops up when viewing the websites.
The Service Provider processes cookies for the purpose of data processing in order to learn more about the information usage habits of the Data Subjects and thus improve the quality of its services, as well as to publish customized pages and marketing (advertising) materials during the visit of the website. The personal data that will be processed are the Cookies used by Google Analytics, the Cookies used to support the operation of the website and the Cookies used for marketing purposes. All interested parties who initiate a contact are affected by the processing. Consent may be withdrawn by e-mail or by telephone, but the withdrawal of consent does not affect the lawfulness of the processing that took place prior to the consent. The data subject is obliged to provide the data, as future identification cannot be carried out without the data listed. If the data subject does not provide the personal data, the offer cannot be made. The storage period is 1 year after the offer is made.
Cookies collect information about visitors and their devices; they remember visitors' individual preferences, which are used, for example, when requesting online transactions, so that they do not have to be re-entered; they facilitate the use of the website; they provide a quality user experience.
10.4) Account creation
The purpose of the processing is the legal compliance of the Service Provider: the issuing of invoices. The personal data to be processed are the name of the data subject, his/her billing address, e-mail address in case of issuing an e-invoice. The data subject is obliged to provide the data, the collection process cannot be started without the requested data. If the data subject does not provide the personal data, the purchase process cannot be completed.
10.5) Package delivery
The personal data of the data subject will be transferred to the partner for the purpose of delivering the parcels of Monofox Ltd. The personal data to be processed are the name, e-mail address, telephone number and postal address of the data subject. The company will not be informed of the exact contents of the parcel.
10.6) Newsletter sending
The purpose of the processing is the sending of regular newsletters by Monofox Ltd. The Service Provider provides Mailchimp - The Rocket Science Group, LLC with the data of those data subjects who, after registration, customer enquiry or purchase, have consented to the Service Provider sending them additional newsletters and/or direct enquiries. The name, e-mail address and telephone number of the data subject, as well as the value and content of the package purchased, will be transmitted for the purpose of making further offers.
11.) Transfer of data abroad, to an international organisation
The Data Controller does not directly transfer personal data abroad, personal data are stored exclusively in Hungary. Where personal data are stored or transmitted by a data processor inside or outside the European Union, the storage or transmission shall be carried out in the manner prescribed by the GDPR.
12) Data subject's rights and means of enforcement
12.1) Right to transparent information
The right to adequate and transparent information is a fundamental right of the data subject and an obligation incumbent on the controller. The Data Controller shall inform the data subject in a concise, transparent, intelligible, easily accessible format, in a clear and plain language of the circumstances of the processing and of the rights to which he or she is entitled.
Where information is requested, it shall be provided without undue delay and within a maximum of 30 days.
12.2) Right of access
The data subject shall have the right to obtain from the controller feedback as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to access the personal data and related information, in particular the source of the personal data and whether or not the data have been disclosed to third parties. The controller shall provide the information within a maximum of one month from the date of the request.
12.3) Right to data retention
The data subject shall have the right to receive personal data relating to him or her which he or she has provided to the controller in a structured, commonly used, machine-readable format and to transmit such data to another controller.
12.4) Right of rectification and amendment
The data subject shall have the right to obtain from the controller, at his or her request and without undue delay, the rectification or integration of inaccurate personal data relating to him or her.
12.5) Right to be forgotten, erasure
The controller shall erase personal data relating to the data subject without undue delay where one of the following grounds applies:
personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
the storage period set by the controller has expired
the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
the personal data have been unlawfully processed;
the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
the personal data have been collected in connection with the provision of information society services.
Where the processed data are necessary for law enforcement purposes, such as accounting to a public authority, the processing may be carried out for compliance with a legal obligation or on the basis of legitimate interests.
In the course of erasure, the controller must also notify the data processors involved of the erasure obligation.
12.6) Right to object
The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of his or her personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. In the event of an objection, the controller may no longer process the personal data, unless there are compelling legitimate grounds for doing so which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
12.7) Right to restriction of processing
In the case of restriction, personal data may only be stored, other processing may only be carried out with the consent of the data subject, for the purpose of a legal claim or in the public interest. The data subject shall have the right to obtain from the controller, at his or her request, the restriction of processing where one of the following conditions is met.
the data subject contests the accuracy of the personal data, in which case the restriction shall apply for a period which allows the accuracy of the personal data to be verified;
the processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;
the controller no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defence of legal claims;
the data subject has objected to the processing; in this case, the restriction shall apply for a period of time until it is established whether the legitimate grounds of the controller override the legitimate grounds of the data subject.
12.8) Automated decision-making in individual cases, including profiling
The Service Provider does not use or perform profiling, automated decision-making, automated mechanisms.
13) Automated decision-making and profiling
The Service Provider does not use or perform profiling, automated decision-making, automated mechanisms. Nor does the Service Provider allow its data processors to carry out automated decision-making or profiling, unless the data subject has given his or her specific consent in writing.
14) Data protection incident, data protection log
The Data Controller shall inform the competent Authority and the data subjects concerned of any data protection incident as soon as possible after becoming aware of it, but not later than 72 hours at the same time. The Data Controller shall use its reasonable endeavours to mitigate the data protection and other harm caused to data subjects as a result of the incident. The Data Controller shall ensure that similar incidents do not occur in the future.
The Data Controller shall keep a so-called data protection log of all data protection incidents - data subjects' requests for data protection, possible data protection incidents - and shall provide information on the content of the log for the data subject concerned upon request.
15.) Recourse to the courts
The data subject may take the Data Controller to court in the event of a breach of his or her rights. The court shall rule on the case out of turn. The court shall have jurisdiction to hear the case. The action may also be brought before the courts for the place where the controller is established or, at the choice of the data subject, for the place where the data subject resides or is domiciled.
If the Data Controller causes damage to another person by unlawful processing of the data subject's data or by breaching the requirements of data security, the Data Controller shall compensate the damage. If the Controller infringes the data subject's right to privacy by unlawfully processing his or her data or by breaching the requirements of data security, the data subject may claim damages from the Controller. The Controller shall be exempted from liability for the damage caused and from the obligation to pay the damage fee if it proves that the damage or the infringement of the data subject's personality rights was caused by an unforeseeable cause outside the scope of the processing. No compensation shall be due and no damages shall be payable where the damage or injury to the personality rights of the data subject was caused by the intentional or grossly negligent conduct of the data subject.
16) Administrative procedure, lodging a complaint
The data subject may lodge a complaint or request information from the competent authority:
Name: National Authority for Data Protection and Information
Headquarters.
Postal address: 1530 Budapest, PO Box 5.
Postal address: 1530 Budapest, PO Box 5.
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu
Website: http://naih.hu
17) Other provisions
Information on data processing not listed in this notice will be provided in detail at the time of collection. The Service Provider will only disclose personal data to public authorities to the extent and to the extent strictly necessary for the purpose of the request, provided that the public authority has indicated the exact purpose and scope of the data.
