PRIVACY POLICY

and data processing information for visitors and users of www.kondorfaautokozmetika.hu

1. INTRODUCTION

The operator of www.kondorfaautokozmetika.hu (hereinafter: the Website) is Justítia Hungary KFT (hereinafter: the Controller). By publishing this Privacy Policy and Data Processing Notice (hereinafter: Privacy Policy), the Controller describes the principles governing its data processing, which it recognizes as binding for itself. The Controller takes all reasonably expected measures to ensure the security of the personal data it processes.

Please read this Privacy Policy before using our Website; it clearly explains how we process your personal data. In this Privacy Policy, the Controller provides data subjects with clear and detailed information about all important facts relating to the processing of their data.

In operating the website, the Controller processes the data of registered users on the site in order to provide appropriate services to them. The service provider intends to fully comply with the legal requirements on the processing of personal data, in particular those set out in Regulation (EU) 2016/679 of the European Parliament and of the Council.

This data processing notice has been prepared on the basis of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, taking into account Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information.

2. DEFINITIONS

• personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
• data subject: any natural person who is identified or identifiable, directly or indirectly, on the basis of personal data;
• consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
• controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
• processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; including preventing further use of the data, making photo, audio or video recordings, and recording physical characteristics suitable for identifying a person (e.g. finger or palm print, DNA sample, iris image);
• erasure: rendering data unrecognisable in such a way that recovery is no longer possible;
• processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
• data processing (as a task): the performance of technical tasks related to processing operations, irrespective of the method and means used for carrying out the operations and of the place of application, provided that the technical task is performed on the data;
• data file: the totality of data processed in a single register;
• personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
• recipient: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not regarded as recipients; the processing of those data by those public authorities shall comply with the applicable data protection rules according to the purposes of the processing;
• third party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
• information society service: a service provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services;
• electronic commerce service: an information society service aimed at the business-like sale, purchase, exchange or other use of goods (including money and securities, and natural resources that can be exploited like goods), services, real estate, or rights of pecuniary value (hereinafter collectively: goods);
• GDPR (General Data Protection Regulation): the new Data Protection Regulation of the European Union.

3. SCOPE OF USERS

A User is either a registered person on the site or a non-registered person who uses the Website’s services, i.e., any natural person identified or identifiable—directly or indirectly—on the basis of personal data.

4. PRINCIPLES OF DATA PROCESSING

The Controller declares that it processes personal data in accordance with this notice and complies with applicable legislation, paying particular attention to the following:

• Personal data must be processed lawfully, fairly and in a transparent manner in relation to the data subject.
• Personal data must be collected for specified, explicit and legitimate purposes only.
• The purpose of processing must be appropriate and relevant, and limited to what is necessary.
• Personal data must be accurate and kept up to date. Inaccurate personal data must be erased without delay.
• Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary. Longer storage is only permissible for archiving in the public interest, scientific or historical research, or statistical purposes.
• Processing must ensure appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
• The principles of data protection apply to any information concerning an identified or identifiable natural person.

5. KEY DATA PROCESSING INFORMATION

• Purpose of processing: maintaining contact, providing information and value-added services.
• Legal basis of processing: the data subject’s consent.
• Categories of data subjects: registered users of the website (newsletter subscribers, persons making enquiries via forms).
• Duration of processing and erasure: always dependent on the specific user purpose; data must be erased without delay once the original purpose has been achieved. The data subject may withdraw consent at any time by sending a message to the contact email address. If there is no legal obstacle to deletion, the data will be erased.
• Persons authorised to access the data: the Controller and its employees.
• The data subject may request access to, rectification or erasure of personal data concerning him or her, or restriction of processing, and may object to processing, as well as exercise the right to data portability.
• The data subject may withdraw consent at any time; withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
• The data subject has the right to lodge a complaint with a supervisory authority.
• If the data subject wishes to use the benefits of registration—i.e., services of the website that require it—providing the requested personal data is necessary. The data subject is not obliged to provide personal data; failure to do so entails no disadvantage. However, certain website functions are not available without registration.
• The data subject has the right to obtain from the Controller, without undue delay, the rectification or completion of inaccurate personal data concerning him or her.
• The data subject has the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay, and the Controller is obliged to erase such data without undue delay where there is no other legal basis for processing.
• Personal data may be modified or deleted by email, phone, or letter using the contact options provided above.

6. NEWSLETTER SENDING

As the operator of the Website, we declare that we fully comply with the relevant legal provisions when publishing our information and materials. We also declare that upon newsletter subscription we cannot verify the authenticity of contact details, nor determine whether the provided data relate to a private individual or a business. Businesses contacting us are treated as client partners.

Purpose of processing: sending professional materials, electronic messages containing advertisements, information and newsletters, which you may unsubscribe from at any time without consequences. You may also unsubscribe without consequences if your business has ceased, you left the business, or someone provided us with your contact details.

Legal basis of processing: your consent. The user may give prior and explicit consent to be contacted by the service provider with promotional offers, information and other messages at the email address provided during registration. Consequently, the user may consent to the service provider processing the necessary personal data for this purpose.

Please note that if you wish to receive our newsletter, you are required to provide the necessary data. Without these, we cannot send you newsletters.

Duration of processing: until consent is withdrawn. You may withdraw your consent to processing at any time by sending a message to the contact email address.

Data will be erased upon withdrawal of consent. You may withdraw your consent at any time by sending a message to the contact email address.

Consent can also be withdrawn via the link included in the newsletters sent.

Persons authorised to access the data: the Controller and its employees.
Mode of storage: electronic.
Modification or erasure of data: may be requested by email, phone or letter using the contact options provided above.
Processor used: currently no external processor.

Data processed	Specific purpose
Name	Identification, contact
Email	Identification, contact
Time of subscription	Technical information operation
IP address	Technical information operation

Please note that your email address does not have to contain data referring to your person. For example, it need not contain your name. You are free to decide whether to provide an email address that contains information referring to your identity. The email address—serving the purpose of contact—is strictly necessary for the newsletter or professional information to reach you.

7. PERSON AUTHORISED TO PROCESS DATA

The person authorised to process personal data is Justítia Hungary KFT (Registered office: 2314 Halásztelek, Heltai köz 4, hereinafter: Processor). Personal data to be processed may be accessed by the Processor’s current legal representative(s), employees/agents/assistants. The Processor does not transfer personal data to third parties, except where the data subject has expressly consented.

Hosting provider

Name/company: Tárhely.Eu Szolgáltató Kft.
Registered office: 1097 Budapest, Könyves Kálmán körút 12-14.
Phone: +36 1 789-2-789
E-mail: support@tarhely.eu

Your data are stored on a server operated by the hosting provider. Only our staff and the staff operating the server have access to the data, and all are responsible for handling the data securely.

Activity: hosting and server services.
Purpose of processing: ensuring the operation of the website.
Data processed: personal data provided by the data subject.

Duration of processing and erasure deadline: until the end of the operation of the website, or as set out in the contractual agreement between the website operator and the hosting provider. If necessary, the data subject may also request erasure of data by contacting the hosting provider.

Legal basis: the data subject’s consent, and/or processing based on law.

8. DURATION OF DATA PROCESSING

Personal data provided on the basis of the User’s consent will be processed by the Controller until the purpose of processing has been achieved or until the User withdraws consent. The Controller processes the personal data provided during registration until the use of the Website ceases, in particular until registration is deleted.

In the absence of any different statutory provision, the Controller may process the personal data collected a) for compliance with a legal obligation to which it is subject, or b) for the purposes of the legitimate interests pursued by the Controller or by a third party, where such interests are proportionate to the restriction of the right to the protection of personal data, without separate additional consent and even after withdrawal of consent. / Act CXII of 2011, Section 6 (5) /

For the performance of accounting obligations, the Controller retains and processes the personal data provided by the User for 8 years under Section 169 of Act C of 2000, and within the limitation period defined in Act XCII of 2003 on the Rules of Taxation.

9. DATA TRANSFER, DATA LINKING

The Controller does not sell, rent, or otherwise make available personal data or information relating to the User to other companies or private individuals.

The Controller ensures appropriate security of the data to the best of its ability and takes the technical and organisational measures necessary to enforce data protection rules and principles and to promote the security of personal data.

Users are informed that the Controller will transfer personal data to third parties only with the explicit consent of the data subject.

10. COOKIES

Cookies are placed on the user’s computer by the websites visited and contain information such as the site’s settings or login status.

Cookies are small files created by visited websites. By saving browsing data, they improve the user experience. Using cookies, the website remembers site settings and offers locally relevant content.

To determine the fact and time of visits, the service provider’s website sends a small file (cookie) to the visitor’s computer. The service provider informs the visitor of this.

Categories of data subjects: visitors to the website.
Purpose of processing: value-added services, identification, tracking of visitors.
Legal basis: the user’s consent is not required where cookies are strictly necessary for the service provider to use.
Data processed: unique identifier, timestamp, configuration data.
Users can delete cookies from browsers at any time in the Settings menu.
Controllers authorised to access the data: the Controller does not process personal data by using cookies.
Mode of storage: electronic.

11. SOCIAL MEDIA PAGES

Social media is a medium where messages are disseminated through community users. Social media uses the internet and online appearance opportunities to turn users from content consumers into content editors.

Social media is an interface of internet applications containing user-generated content, e.g., Facebook, Google+, Twitter, etc.

Forms of social media presence may include public speeches, presentations, introductions of products or services.

Forms of information appearing in social media may be forums, blog posts, images, videos, audio materials, message boards, email messages, etc.

Accordingly, in addition to personal data, the data processed may also include the user’s public profile picture.

Data subjects: all registered users.
Purpose of data collection: promotion of the website or a related webpage.
Legal basis: the data subject’s voluntary consent.
Duration of processing: as regulated on the given social networking site.
Deadline for erasure: as regulated on the given social networking site.
Persons authorised to access the data: as regulated on the given social networking site.
Rights related to processing: as regulated on the given social networking site.
Mode of storage: electronic.

Please note that when a user uploads or submits personal data, they grant the operator of the social networking site a worldwide licence to store and use such content. Therefore, it is very important to ensure that the user has full entitlement to publish the information.

12. GOOGLE ANALYTICS

Our website uses Google Analytics.

When using Google Analytics:

Google Analytics uses first-party cookies to compile reports for its clients about user behaviour on the website.

On behalf of the website operator, Google uses the information to evaluate how users use the site and provides additional services related to website activity for the website operator.

Data are stored on Google’s servers in encrypted form to hinder and prevent misuse.

Disabling Google Analytics can be done as follows (quoted from Google):

Website users who do not want Google Analytics JavaScript to report their data can install the Google Analytics opt-out browser add-on. The add-on prevents Google Analytics JavaScript (ga.js, analytics.js, dc.js) from sharing information with Google Analytics. The add-on is available for most modern browsers. The Google Analytics opt-out add-on does not prevent data from being sent to the website itself or to other internet analytics services.

https://support.google.com/analytics/answer/6004245?hl=hu

Google’s privacy policy: https://policies.google.com/privacy?hl=hu

Detailed information on the use and protection of data is available at the links above.

13. DATA PROTECTION IN DETAIL

https://static.googleusercontent.com/media/www.google.com/en//intl/hu/policies/privacy/google_privacy_policy_hu.pdf

14. RIGHTS RELATED TO DATA PROCESSING

Right to information

You may request information from us via the contact details provided, regarding which of your data our company processes, on what legal basis, for what purpose, from what source, and for how long. Upon your request we will send information without delay, but no later than within 30 days, to the email address you provide.

Right to rectification

You may request that we modify any of your data via the contact details provided. We will act on your request without delay, but no later than within 30 days, and inform you at the email address you provide.

Right to erasure

You may request the deletion of your data via the contact details provided. We will comply without delay, but no later than within 30 days, and inform you at the email address you provide.

Right to restriction

You may request the restriction of your data via the contact details provided. The restriction lasts as long as the reason indicated by you makes the storage of the data necessary. We will comply without delay, but no later than within 30 days, and inform you at the email address you provide.

Right to object

You may object to processing via the contact details provided. We will examine the objection as soon as possible, but no later than within 15 days, decide on its merits, and notify you of our decision by email.

15. LEGAL REMEDIES RELATED TO DATA PROCESSING

If you experience unlawful data processing, please inform our company so that a lawful state can be restored as soon as possible. We will do everything we can to resolve the issue described.

If in your opinion a lawful state cannot be restored, please notify the authority at the following contact details:

National Authority for Data Protection and Freedom of Information (NAIH)

Postal address: 1530 Budapest, Pf.: 5.
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat (at) naih.hu
URL https://naih.hu
Coordinates: N 47°30'56''; E 18°59'57''

16. LEGISLATION GOVERNING DATA PROCESSING

• REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
• Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information.
• Act LXVI of 1995 on the Protection of Public Documents, Public Archives and Private Archival Material.
• Government Decree 335/2005 (XII. 29.) on the General Requirements of Records Management of Public Bodies.
• Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services.
• Act C of 2003 on Electronic Communications.

Effective date of this Privacy Policy: 2022.06.09. The Controller reserves the right to make changes.