DATA PROCESSING NOTICE
The purpose of this Notice is to provide adequate information about the data processing activity concerning personal data to the visitors and customers of the www.najadefins.org website, being data subjects according to the rules in the EU General Data Protection Regulation (GDPR)[1]. The conditions of shopping in the Webshop are governed by the General Terms and Conditions (hereinafter referred to as “GTC”).
Contents
1. DATA OF THE DATA CONTROLLER
2. DATA OF THE HOSTING SERVICE PROVIDER
3. OUR DATA PROCESSING ACTIVITY
2. Data control activity during shopping in the Webshop
2.1. Performance of sales contracts
2.3. Execution of payment transactions
4. Withdrawal. Cancellation of contract
5. Administration related to guarantee claims
7. Fulfilling tax and accounting obligations
5. DATA PROCESSED OTHERWISE IN OTHER MANNERS – COOKIES
6. DATA CONTROL ON SOCIAL SITES
7. YOUR RIGHTS REGARDING THE PROTECTION OF YOUR PERSONAL DATA
NAME OF COMPANY ALPIN NAJADE-FINS KFT.
Registered address: 4034 Debrecen, Magyari u. 15.
Company registry number: 09-09-024669
Registered by Court of Registration of the Regional Court of Debrecen
Tax number: 24353797-2-09.
Community tax number: HU24353797.
Bank account number: HUF 10300002-10598516-490020017
EUR 10300002-10598516-48820010
Represented by János Moravecz, managing director
Tel: +36 20 933-8810, +36 30 942-4615
Website / Webshop: www.najadefins.org
Customer service: info@najadefins.org
Company name: RACKFOREST INFORMATIKAI KERESKEDELMI SZOLGÁLTATÓ ÉS TANÁCSADÓ KFT.
Office address 1132 Budapest, Victor Hugo u. 18-22., 3. em. 3008. a.
Address of server rooms: Budapest, District XIII, Victor Hugo u. 18-22. 3. em., District VIII, 1087, Asztalos Sándor u. 13., District X, 1108, Budapest, Kozma u. 2.
Tax number: 14671858-2-41
The Data Processing Notice applies to the Webshop available on the www.najadefins.org website and the products and services sold through it.
We provide the services of our Webshop and carry out our data processing activities from Hungary.
For the purposes of this policy, ‘User/Visitor’ is a natural person who visits our Webshop, regardless of whether or not he uses our service.
Customer: A natural person who initiates purchasing the products advertised in the Webshop by means of an order, who is considered a consumer under Government Decree 45/2014 on the Detailed Rules of Contracts between Consumers and Undertakings.
We inform our visitors that our Undertaking:
· is carry out its data processing activities lawfully, fairly and, with respect to the data subjects, in a transparent way in the manner set out in this data processing notice;
· is processing personal data only for specific, explicit and legitimate purposes;
· is processing only personal data in order to achieve the data processing purposes defined by it, which is essential for accomplishing the purpose of data control and is suitable for achieving the target or, in accordance with the principle of data minimisation, as many as is strictly necessary to achieve the purposes;
· strives to ensure that its records are accurate and up to date;
· stores the data only for as long as is necessary to achieve its objectives and the data subject consents or a regulatory requirement permits;
· takes all technical and organisational measures expectable from it to protect the data;
· accepts responsibility for the compliance of its data processing activities with the law.
The visitors of the Webshop have the opportunity to register with us in order to facilitate future login, arrange purchases and access the data of previous purchases. Registered customers of our website can easier retrieve previously purchased products (size, type, etc.) and order new sports goods. During registration, the processing the data entered into the form introduced for this purpose (first name, middle name, last name, telephone number, e-mail address, country, city, postal code, street, number, shipping address, billing information, the branch of sport and name of the club) is, therefore, necessary for the performance of contracts to which the data subject is a party or in order to take steps at the request of the data subject. Registration is not mandatory, and a sale and purchase contract can be concluded without registration as well.
The registration data will be processed on the admin interface of the Webshop until the purpose of data processing is fulfilled.
Your data provided during registration will not be transferred to third parties.
By sending orders in the Webshop, the data entered voluntarily by the customers of the Webshop in the form introduced to that end (last name, first name, middle name, telephone number, e-mail, country, city, postal code, street, house number, content of the order, the price payable, comments, shipping address, billing information, shipping and payment method of choice, validated coupon discount, the branch of sport and name of the club) is processed to achieve the following purposes.
The conditions of contracts between the Customer and the seller, being distance contracts, are set out in the GTC. In addition to the data necessary to identify the parties, we send information on the processing of the order by e-mail (delivery for shipping). You can clarify the order, request consulting according to the chosen branch of sport and support product testing by the team/group among the contact details.
The Customer’s name, the delivery address and contact data are transferred to our contracted partner providing postal or courier activities in the chosen destination country. Data transfer is necessary for the performance of the contract between the data subject and the data controller.
Shipping partners:
Magyar Posta Zártkörűen Működő Részvénytársaság
Registered address: Budapest, 1138 Budapest, Dunavirág utca 2-6.
Postal address: Budapest 1540 Company registry number: 01-10-042463
Personal customer service office: 1101 Budapest, Üllői út 114-116.
Telephone: 06-1-767-8282
E-mail ugyfelszolgalat@posta.hu
DHL Express Kft. – Hungary
Registered address: 1185 Budapest, BUD Nemzetközi Repülőtér repülőtér 302. ép.
Company registry number: № 01-09-060665
Tax number: 10210798-2-44
Telephone: Tel.: +36 1 2 45 45 45
Availability of certain lines of business: https://www.logistics.dhl/hu-hu/home/kapcsolatfelvetel.html
GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.
Registered address: 2351 Alsónémedi
GLS Európa u. 2.
e-mail: info@gls-hungary.com
Company registry number: 13-09-111755
Tax number: 12369410-2-44
Community tax number: HU12369410
Telephone: +36 1 802 0265
Mobile: +36 20890-0660
Hunicorn Nemzetközi Szállítmányozási Zrt.
Address. H-1102 Budapest, Szent László tér 20.
Telephone: +36-1-433-1313
Fax: +36-1-260-1056
E-mail: hunicorn@hunicorn.hu
Website: http://hunicorn.hu/
When shopping in the Webshop, Customers have the option to make an online payment on the sites of the OTP Simple Pay and PayPal providers or initiate a bank transfer. When you are redirected to the site of the online service providers, the data necessary to arrange the transactions are transferred to the above providers.
OTP Simple Pay: content of shopping cart, order ID, e-mail address
PayPal: content of shopping cart, currency, total price, order ID
Provider engaged in data processing related to payment by using the SimplePay service
Name of data processor: OTP Mobil Kft.
Mailing address of data processor: 1143 Budapest, Hungária körút 17-19.
Contact of the data processor: Tel: +36 1/20/30/70 366 6611, e-mail: ugyfelszolgalat@simple.hu
The nature and purpose of the data processing activities carried out by the data processor can be viewed in the SimplePay Data Protection Notice at the following link: http://simplepay.hu/vasarlo-aff
I understand that my personal data below stored in the users’ database of www.najadefins.org, operated by the data controller Alpin Najade-Fins Kft. of 4028 Debrecen, Magyari utca 15., will be transferred to OTP Mobil Kft. as the data processor. The scope of data transferred by the data controller is the following: name, order ID, amount purchased.
The nature and purpose of the data processing activities carried out by the data processor can be viewed in the SimplePay Data Protection Notice at the following link: http://simplepay.hu/vasarlo-aff
Provider engaged in data processing related to payment by using the PayPal provider
Name of data processor: PayPal (Europe) S.à r.l. et Cie, S.C.A.
Mailing address of data processor: Attention: Legal Department, 22-24 Boulevard Royal L-2449, Luxembourg
A list of the contact details of the controller: https://www.paypal.com/hu/smarthelp/contact-us
PayPal, being a financial service provider, performs in data processing activity in accordance with the data processing notice published on its website (https://www.paypal.com/hu/webapps/mpp/ua/privacy-full).
The legal basis of our data processing is the contractual relationship that is created between us based on your order; therefore, no further consent is required for processing your data. This data is necessary for the fulfilment of your order. If the data is incomplete or missing, the contract is not concluded.
We do not perform automated decision-making or profiling based on the data you provided.
Your data processed in the framework of our contract will be processed as long as legal claims arising from the contract can be enforced.
When browsing the Webshop, you have the option of sending questions related to the conditions of shopping, delivery, prices and guarantee/product warranty conditions, complaints, requests concerning data processing or remarks to us by filling the form to that effect. The data you provide (name, e-mail address, subject) is processed in our mailing system until the purpose of data processing is achieved. Data processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject before entering into a contract (Article 6(1)(b) of the Regulation), considering that sending messages is necessary for the preparation of the contract or consulting related to its performance.
Your personal data provided in order to exercise the right of withdrawal due to the customers of the Webshop (name, address, date of the contract, date of receipt, product information) will be retained for 3 years after having fulfilled the money refund obligation following receipt of the declaration of withdrawal form. The legal basis of data processing is to fulfil the legal obligation, which requires us to provide you with the right of withdrawal[2]. The duration of the data retention period is governed by the consumer protection rules in force.
In the event of recourse to an implied warranty/product warranty/guarantee claim corresponding to the consumer protection rules, we process your name, address, telephone number and e-mail address. The legal basis of processing is the fulfilment of our legal obligation set out in the contract made through the purchase. Based on the provisions of Act CLV of 1997 on Consumer Protection in force, we are obliged to keep such data for 5 years.
If you have a complaint, you must provide your name, address, e-mail address and the subject of the complaint in order to investigate the complaint. The source of the data is the complaint lodged by you. According to the consumer protection regulations, complaints received are stored electronically or on paper for 5 years for complaints management purposes. The legal basis of the processing is our obligation provided for in the consumer protection legislation.
We issue an invoice on your purchase in our Webshop in all cases, whose details (name, address and, for companies, the tax identification number) are kept for eight years in accordance with legal requirements (based on the relevant provisions of Act CXXVII of 2017 on Value Added Tax). The data of the invoices is transferred for processing to the provider carrying out the tax and accounting duties of our undertaking.
To fulfil our legal obligation, your invoice data is transferred to the National Tax and Customs Authority.
During our processing activity, we provide for observing the data protection and confidentiality requirements applicable to us.
The data provided during browsing is processed in the admin interface of the Webshop, and the security of the data is ensured by our data processor partner providing the hosting service. Invoicing data is stored in our billing system. All the data we process can be accessed by the employees engaged in the operation of the Webshop, but we do not transfer data to third parties other than the data transfers set out in the above sections.
The partners engaged in delivery and the financial service providers are responsible for their own data processing activities.
Our website is SSL certified, which ensures that your data provided in the Webshop during the transactions is not accessed by unauthorised persons.
We protect the data by appropriate technical and organisational measures against unauthorised access, alteration, conveyance, public disclosure, deletion or destruction and accidental destruction or damage as well as becoming inaccessible resulting from changes in the technology used.
We have an appropriate incident management plan in the event of a data breach.
Like all websites, we are interested in the visitation data of our data and would like to use the cookies of Google Analytics and Facebook to be able to give relevant offers to our visitors.
Therefore, the browsing data of the Webshop is placed on your Internet-enabled device (PC, tablet, laptop, telephone) in the form of cookies.
Scope of processed data: unique identification number, dates, times, contents of the shopping cart.
Purpose of processing: identification of users, keeping the data of the “shopping cart”, tracking the browsing activities of visitors, remarketing and analysis of visits.
Legal basis of processing: data subject’s consent, which he/she can give in the cookie bar appearing during the first browsing. Our undertaking can process personal data in order to provide the service, which is technically indispensable to provide the service, including all the information stored by those cookies that are required for operating the website according to its purpose. No consent from the data subject is required to store cookies that facilitate such a basic operation.
The Google Analytics system measures visitation data of the Website. In analysing the data, the identity of the visitor remains unknown. The data is stored on Google’s server in the USA. Using this cookie, Google will report to the website operator in connection with the browsing and activity of the website. You can read more on this here: https://www.google.com/policies/technologies/types/.
If you turn off storing cookies in your web browser, not all features of the website may be properly used.
Cookies used by the website
|
Name |
Type |
Purpose and description |
Expiry |
|
ci_session |
Ensures default operation |
The website is not working properly without it, given that this session cookie ensures identification of the user until the end of the current browsing session and the use of the website. Therefore, placing these cookies does not require consent by the visitor. |
When the browsing session ends |
|
cookieconsent |
Ensures default operation |
This cookie stores data on the decisions of the user regarding cookie usage. The cookie is placed after the user has accepted the use of cookies in the cookie bar at the bottom of the webpage. |
1 year |
|
_ga |
For statistical purposes |
The _ga cookie is used to distinguish the users (or, more precisely, the browsers). It contains a random number as the value (e.g. GA1.2.255322818.1517541613). It is used to prepare long-term statistics of the website visits by the users. The website appears in every page request. By default, it expires after 2 years, but website owners can change this at will. |
2 years |
|
_gat |
For statistical purposes |
Based on the information provided by Google, the _gat cookie is used to control the frequency of requests – it limits the collection of data on high-traffic websites. The website appears in every page request. Expires after 1 minute. |
1 minute |
|
_gid |
For statistical purposes |
Detailed information about the _gid cookie is not available from Google. It stores a unique value for each visited page. It contains a random number as the value (e.g. GA1.2.255322818.1517541613). It can be used similar to the _ga cookie. The website appears in every page request. Expires after 24 hours. |
24 hours |
|
1P_JAR |
For statistical purposes |
This cookie collects website statistics and measures conversions according to the google.com Privacy Statement. |
1 month |
|
CONSENT |
For statistical purposes |
A cookie required by Google Maps, according to the google.com Privacy Statement. |
20 years |
|
_fbp |
Remarketing |
A cookie required for the Facebook pixel. Helps identify the user. |
90 days |
|
_fbc |
Remarketing |
A cookie required for Facebook pixel. We use it when the user arrives at the website from an advertisement and helps its tracking. |
90 days |
Purpose of the data control: Sharing and/or liking certain content elements, products, campaigns of the website or the website itself and/or the products on the Facebook.com, Twitter.com and Google+ sites.
Cookies that facilitate visiting, sharing and liking the social sites are provided by the service of the social sites, so the anonymous data processed by these cookies can be accessed by the providers of these social sites, meaning, that they can access through their services the scope of anonymous data processed for measuring the visitation of the above-mentioned website and mapping the browsing habits and such data is used to prepare the above-mentioned analyses and to send targeted advertising to the browser users. In doing so, they determine the possible explorable scope of interest by linking the anonymous data and the IP address of the devices used for browsing based on the browsing habits performed from the device and then deliver the targeted advertising to the device concerned.
IF YOU DO NOT SUPPORT THE USE OF COOKIES
You can always change the cookies settings through your browser. You can disable the use of cookies in a way that you activate the browser setting that allows you to refuse to place all or specific cookies. These options are usually available in the "Options" or "Preferences” menu of the browser. You can learn more details on the following links:
Chrome: https://support.google.com/chrome/answer/95647?hl=hu
Internet Explorer: visit the https://support.microsoft.com site and enter the word ‘Cookies’ in the search bar.
Safari: visit the https://support.apple.com/hu-hu site and enter the „cookies” word in the search bar.
Opera: http://help.opera.com/Windows/10.50/hu/cookies.html
Users/visitors acknowledge that the rejection of cookies makes some features of the webshop unavailable in part or whole.
In accordance with the provisions of the GDPR[3], You are entitled to receive free of charge information on the facts related to data processing, which is provided in the Data Processing Notice.
To request information on your rights related to the protection of personal data or to exercise these rights, you can contact us on the customer support channels, or you can use the form introduced for messaging.
You have the right to request information about the data processed about you, the purpose and legal basis of the data processing, the source of the data, the data processors and data breaches involving your data. The information can be requested free of charge.
You can request the rectification of the personal data relating to you and, in certain cases, the erasure or limiting the processing of the data, and you have the right to request data portability.
You have the right to address the supervisory authority with your complaint.
We do not assume any responsibility for the authenticity of the personal data provided by you. However, if you notify us about any change in your personal data, we will keep them accurate and up-to-date.
Before, during and after providing the data, you can come to know our data processing notice at any time, which is posted in the Webshop on a separate link.
We do not transfer, sell or make available the data stored about You to any company or individual or a third party other than the data processors presented in the data processing purposes under any circumstances. Any deviation is possible only in the cases required by the law.
If you request the erasure of your personal data or raise an objection, we will investigate your request and comply with your request unconditionally and free of charge within 15 days, of which you will be notified in writing, unless we are obliged to restrict or store your data for any other reasons.
If you have any comments or suggestions concerning your personal data or require additional information or any problem arises, you can contact us at the contact addresses indicated in the Webshop. Kindly send statements concerning your personal data in writing to our postal address or by e-mail. Your letter will be responded within 30 days after receipt.
In the case of a complaint, you have the right to address the National Authority for Data Protection and Freedom of Information (NAIH) as the supervisory authority or the court.
Nemzeti Adatvédelmi és Információszabadság Hatóság (National Authority for Data Protection and Freedom of Information)
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Postal address: 1530 Budapest, Pf.: 5.
Telephone: +36 1 391 1400
Fax: +36 1 391 1410
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu/
This data processing notice enters into force on the date of publication on the website.
Our undertaking reserves the right to modify the content of the data processing notice unilaterally. We notify our Visitors of the changes, but this does not affect the legality of the prior data processing.
The Data Processing Notice in force from time to time can be accessed in Hungarian and English and the foreign language you have chosen in the webshop in the Data Processing Notice menu of the Webshop. In the case of dispute, the Hungarian version of the data processing notice shall prevail.
ALPIN NAJADE-FINS KFT.
RELEVANT LEGISLATION AND REGULATIONS
· Regulation (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter, the “GDPR”),
· Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information Info Act),
· Act CVIII of 2001 on Certain Issues Concerning Electronic Commerce Services and Information Society (“eTradeAct”),
· Act CXIX of 1995 on the Use of Name and Address Information Serving the Purposes of Research and Direct Marketing (“DMAct”)
· Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (“Advertising Act”)
BASIC CONCEPTS USED IN THE NOTICE
Data subject: any natural person who is identified or can, whether directly or indirectly, be identified on the basis of any specific personal data.
Data subject’s consent means any freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject, either by a statement or by clear affirmative action, signifies agreement to personal data relating to him or her being processed.
Personal data: any information relating to the data subject, in particular by reference to his name, address, telephone number, or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity, and any reference drawn from such information pertaining to the data subject.
Data controller means any natural or legal person or organisation lacking legal personality that, alone or jointly with others, determines the purposes of the data control, makes decisions regarding data control (including the means) and implements such decisions itself or engages a data processor to execute them; in our case, the Provider is the data controller.
Data processing: any operation or multiple operations on data provided by the data subject to the Provider, regardless of the procedure applied, in particular, collection, recording, organisation, storage, alteration, retrieval, transfer, disclosure, alignment or combination, restriction, erasure or destruction, as well as prevention of further use of the data;
Data breach: unlawful processing of personal data, in particular unauthorised access, alteration, transmission, disclosure, erasure or destruction, as well as accidental destruction and damage.
Third party: means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Data security: the entirety of organisational and technical solutions and procedural measure to prevent unauthorised processing of personal data, in particular, acquisition, processing, alteration and destruction; a status of processing where the risk factors and, thus, the threat, are reduced to the minimum by means of organisational and technical solutions and measures.
Legal basis of data proceeding: As a rule, the consent of the data subject or mandatory data control required by the law (e.g. performance of a contract or legal obligation, etc.).
[1]Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR)
[2] Government Decree 45/2014. (II. 26.)
[3] Articles 15-22