PRIVACY STATEMENT

The protection of your personal data is of utmost importance to Hauda Kft. and its partners. The collection and processing of identifiable, personal data necessary while using our website complies with the applicable Hungarian data protection regulations, such as CXII of the year on the right to informational self-determination and freedom of information. to law. Your data will be treated confidentially and will not be forwarded to third parties, unless this is essential for the performance of the contract (e.g. post office, courier service). Our employees, partners and service providers owe us a duty of confidentiality.

  1. A www.medisdermo.com website (hereinafter: "Website") is operated by Hauda Kft headquarters: 1155 Bp. Mézeskalács tér 12 tax number: 14040810-2-42 company registration number: 01-09-886119 telephone number: +36303031555 e-mail address: info@medisdermo.hu in the following:"Service provider”) enforces the following data management rules in the management of the consumer's data during the Website and related activities.
  2. The Service Provider may process the natural personal identification data and address necessary for the identification of the user (Consumer) in order to create a contract for the provision of services related to the information society, define its content, modify it, monitor its performance, invoicing the fees resulting from it, and assert related claims.
  3. For the purpose of invoicing the fees from the contract for the provision of services related to the information society, the Service Provider may process the natural personal identification data related to the use of services related to the information society, address, as well as data relating to the time, duration and place of the use of the service.
  4. In addition to what is stated in the previous point, the Service Provider may process the personal data that is technically absolutely necessary for the provision of the service for the purpose of providing the service. If the other conditions are the same, the Service Provider must choose and in any case operate the tools used in the provision of services related to the information society in such a way that personal data is only processed if this is absolutely necessary for the provision of the service and the fulfillment of other objectives defined in this law necessary, but also in this case only to the extent and for the necessary time.
  5. The Service Provider may process data related to the use of the service for any purpose other than those specified in the previous point - in particular, to increase the efficiency of its service, to deliver electronic advertising or other addressed content addressed to the Consumer, for the purpose of market research - only with the prior determination of the purpose of data management and on the basis of the Consumer's consent.
  6. Before using the service related to the information society and also during the use of the service, the Consumer must ensure that he can prohibit the data processing according to the previous point.
  7. The data specified in point 6 cannot be linked to the identification data of the Consumer and cannot be transferred to a third party without the consent of the Consumer.
  8. The 3-5. data managed for the purposes specified in point 2 must be deleted after the contract is not concluded, the contract is terminated, and after invoicing. Data managed for the purpose specified in point 6 must be deleted if the purpose of data management has ceased, or if the Consumer so requires. Unless otherwise provided by law, data deletion must be carried out immediately.
  9. The provision of services related to the information society cannot be made dependent on any of 3-5. from his consent to data management for a purpose not mentioned in point, if the given service cannot be used from another service provider.
  10. In addition to the information specified in a separate law, the Service Provider must ensure that the Consumer can learn, before and at any time during the use of services related to the information society, which types of data the Service Provider manages for which data management purposes, including the management of data that cannot be directly linked to the Consumer.
  11. The Consumer consents to the Service Provider handling the personal data provided by the Consumer during registration. The Service Provider declares that it treats all data, information and facts provided by its Consumers as confidential. At the same time, the Service Provider reserves the right to hand over the Consumer's personal data to the competent authorities if there is a suspicion of abuse of the service or other crimes against the Consumer.
  12. The Service Provider provides the Consumer with the opportunity to view the data stored on him at any time, to modify it if necessary, or to cancel his registration.
  13. The data will only be used for other purposes if the express written consent of the data subject is given.
  14. Only authorized employees of the Service Provider can view the Consumer data. The Service Provider does not provide the personal data stored about the Consumers (including the email address) to third parties.
  15. Placing orders on the site is subject to registration, during which the Consumer provides their name and address, and possibly provides an alternative delivery address.
  16. The Service Provider ensures that the use of data obtained from the Consumers through its services complies with the Hungarian legislation in force at all times.
  17. The Service Provider does not send letters to the e-mail addresses provided by the Consumers during registration, except for Website e-mails containing informational materials related to its services, which members agree to receive with their registration, but they can unsubscribe at any time.
  18. The Service Provider takes all the measures expected of it in order to keep the data safe, but does not accept responsibility for the damage, destruction or falling into unauthorized hands of the data in the event of technical failure, force majeure, terrorism or crime.
  19. The Service Provider takes all the measures expected of it to ensure that access to its pages is continuous and error-free, but does not assume responsibility for any errors that may occur, which cause the Website to malfunction and/or possible data loss.

Data management supplement

By accepting the offer, the Consumer expressly consents, on the basis of the appropriate information given to him, to use his data, or the data obtained during the fulfillment of the order, in his own records and statements within the framework of the laws applicable to the Seller; furthermore, in order to fulfill the General Terms and Conditions, and in order to assert the rights of the Consumer and/or the Company, and to fulfill its obligations, learn, copy and manage, and the Company shall enforcement of claims transfers it to a third party.

 Data processed for the purpose of concluding and fulfilling the contract

In order to conclude and fulfill the contract, several cases of data management may be implemented. We would like to inform you that data processing related to complaint handling and warranty administration is only carried out if you exercise one of the aforementioned rights.

If you do not make a purchase through the webshop, but are only a visitor to the webshop, then the provisions of data management for marketing purposes may apply to you if you give us consent for marketing purposes.

The data processing carried out for the purpose of concluding and fulfilling the contract in more detail:

Contact

If, for example, you contact us with a question about a product by email, contact form, or phone.

Prior contact is not mandatory, you can skip this and order from the webshop at any time.

Managed data

Data provided by you during contact.

 Duration of data management

We process the data only until the contact is completed.

 Legal basis for data management

Your voluntary consent, which you give to the Data Controller by contacting us. [Data management according to Article 6 (1) point a) of the Regulation]

Order processing

During the processing of orders, data management activities are necessary in order to fulfill the contract

Managed data

During data management, the Data Controller manages your name, address, telephone number, e-mail address, the characteristics of the purchased product, the order number and the date of purchase.

If you have placed an order in the webshop, data management and the provision of data are essential for the fulfillment of the contract.

Duration of data management

We process the data for 5 years according to the civil law statute of limitations.

 Legal basis for data management

Fulfillment of the contract. [Data management according to Article 6 (1) point b) of the Regulation]

Issue of the invoice

The data management process takes place in order to issue an invoice in accordance with the legislation and to fulfill the obligation to preserve accounting documents. The Sztv. Pursuant to § 169, paragraphs (1)-(2), economic companies must keep the accounting documents directly and indirectly supporting the accounting.

Managed data

Name, address, e-mail address, telephone number.

Duration of data management

The invoices issued by Sztv. Based on § 169, paragraph (2), it must be kept for 8 years from the date of issue of the invoice.

Legal basis for data management

CXXVII of 2007 on VAT. On the basis of Section 159 (1), the issuance of the invoice is mandatory and it must be kept for 8 years on the basis of Section 169 (2) of Act C of 2000 on accounting [Data processing according to Article 6 (1) point c) of the Regulation].

Data management related to the delivery of goods

The data management process takes place in order to deliver the ordered product.

Managed data

Name, address, e-mail address, telephone number.

Duration of data management

The Data Controller manages the data until the delivery of the ordered goods.

Legal basis for data management

Fulfillment of the contract [Data management according to Article 6 (1) point b) of the Regulation].

Guarantee service

The data management process takes place in order to handle warranty complaints. If you have requested warranty administration, data management and the provision of data are essential.

Managed data

Buyer's name, phone number, email address, content of the complaint.

Duration of data management

Warranty complaints are kept for 5 years based on the Consumer Protection Act.

Legal basis for data management

Whether you contact us in the case of warranty administration is your voluntary decision, however, if you contact us, the CLV of 1997 on consumer protection. Act 17/A. § (7) we are obliged to keep the complaint for 5 years [data management according to Article 6 (1) point c) of the Regulation]

Handling of other consumer protection complaints

The data management process takes place in order to handle consumer protection complaints. If you have contacted us with a complaint, data management and the provision of data are essential.

Managed data

Buyer's name, phone number, email address, content of complaint.

Duration of data management

Warranty complaints are kept for 5 years based on the Consumer Protection Act.

Legal basis for data management

It is your voluntary decision whether to contact us with a complaint, however, if you do contact us, the CLV of 1997 on consumer protection. Act 17/A. § (7) we are obliged to keep the complaint for 5 years [data management according to Article 6 (1) point c) of the Regulation].

Data processed in relation to the verifiability of consent

During the registration, order, and subscription to the newsletter, the IT system stores the IT data related to the consent for later provability.

Managed data

Date of consent and IP address of the person concerned.

Duration of data management

Due to the legal requirements, the consent must be proven later, therefore the duration of the data storage is stored for the limitation period after the termination of the data management.

Legal basis for data management

Article 7 (1) of the Regulation stipulates this obligation. [Data management according to Article 6 (1) point c) of the Regulation]

Data management for marketing purposes

Remarketing

Data management as a remarketing activity is carried out with the help of cookies.

Managed data

Data managed by cookies specified in the cookie information.

Duration of data management

The data storage period of the given cookie, more information is available here:

Google general cookie information: https://www.google.com/policies/technologies/types/

Google Analytics information: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=hu

Facebook information: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

Legal basis for data management

Your voluntary consent, which you give to the Data Controller by using the website [Data management according to Article 6 (1) point a) of the Regulation].

Prize draw

The data management process takes place in order to run the prize draw.

Managed data

Name, email address, phone number.

Duration of data management

The data will be deleted after the end of the prize draw, with the exception of the winner's data, which the Data Controller is required to keep for 8 years based on the Accounting Act.

Legal basis for data management

Your voluntary consent, which you give to the Data Controller by using the website. [Data management according to Article 6 (1) point a) of the Regulation]

Additional data management

If the Data Controller wishes to carry out further data processing, it provides preliminary information on the essential circumstances of data processing (legal background and legal basis of data processing, purpose of data processing, scope of data processed, duration of data processing).

We inform you that the Data Controller must fulfill the written data requests of the authorities based on legal authorization. The Data Controller is Infotv regarding data transfers. In accordance with paragraphs (2)-(3) of § 15, the Data Controller shall keep a register (to which authority, which personal data, on which legal basis, when it was forwarded), the content of which the Data Controller shall provide information upon request, unless such information is prohibited by law.

About the use of data processors and their activities related to data management

Data processing for the storage of personal data

Name of the data processor: W3HOST Bt.

Contact details of the data processor:

Phone number: ++36 70 212-8290

E-mail address: tarhely@w3host.hu

Headquarters: 1156 Budapest, Sárfű utca 25..

The Data Processor stores personal data based on the contract concluded with the Data Controller. You are not entitled to access personal data.

Your rights during data management

Within the period of data management, you are entitled to the following rights according to the provisions of the Regulation:

  • the right to withdraw consent
  • access to personal data and information about data management
  • right to rectification
  • restriction of data management,
  • right to erasure
  • right to protest
  • right to portability.

If you wish to exercise your rights, it involves your identification, and the Data Controller must communicate with you as necessary. Therefore, in order to be identified, it will be necessary to provide personal data (but the identification can only be based on data that the Data Controller manages about you anyway), and your complaint about data management will be available in the Data Controller's email account within the period specified in this information regarding complaints. If you were a customer of ours and would like to identify yourself for the purpose of complaint management or warranty management, please enter your order ID for identification. Using this, we can also identify you as a customer.

The Data Controller will respond to complaints related to data management within 30 days at the latest.

The right to withdraw consent

You have the right to withdraw your consent to data management at any time, in which case the data provided will be deleted from our systems. However, please note that in the case of an order that has not yet been fulfilled, the cancellation may result in us not being able to deliver to you. In addition, if the purchase has already been completed, based on the accounting regulations, we cannot delete the data related to invoicing from our systems, and if you owe us a debt, then based on a legitimate interest related to the collection of the claim, we can process your data even if you withdraw your consent.

Access to personal data

You are entitled to receive feedback from the Data Controller as to whether your personal data is being processed, and if it is being processed, you are entitled to:

get access to the processed personal data and inform the Data Controller of the following information:

purposes of data management:

  • categories of personal data processed about you;
  • information about the recipients or categories of recipients to whom the personal data has been disclosed or will be disclosed by the Data Controller;
  • the planned period of storage of personal data or, if this is not possible, the criteria for determining this period;
  • your right to request from the Data Controller the correction, deletion or restriction of processing of your personal data and, in the case of data processing based on legitimate interests, to object to the processing of such personal data;
  • the right to submit a complaint to the supervisory authority;
  • if the data was not collected from you, any available information about its source;
  • about the fact of automated decision-making (if such a procedure is used), including profiling, as well as, at least in these cases, comprehensible information about the logic used and the significance of such data management and the expected consequences for you.

The purpose of exercising the right may be aimed at establishing and checking the legality of data management, therefore, in the event of multiple requests for information, the Data Controller may charge a fair fee in exchange for providing the information.

Access to personal data is ensured by the Data Controller by sending the processed personal data and information to you by email after your identification. If you have registered, we provide access so that you can view and check your personal data by logging into your user account.

Please indicate in your request that you are requesting access to personal data or information related to data management.

Right to rectification

You have the right to request that the Data Controller correct inaccurate personal data concerning you without delay.

Right to restriction of data processing

You have the right to have the Data Controller restrict data processing at your request if one of the following is true:

  • You dispute the accuracy of the personal data, in which case the restriction applies to the period that allows the Data Controller to check the accuracy of the personal data, if the exact data can be determined immediately, the restriction will not apply;
  • the data management is illegal, but you oppose the deletion of the data for any reason (for example, because the data are important to you in order to assert a legal claim), therefore you do not request the deletion of the data, but instead request the restriction of their use;
  • The Data Controller no longer needs the personal data for the purpose of the indicated data management, but you require them to present, enforce or defend legal claims; obsession
  • You have objected to the data processing, but the legitimate interests of the Data Controller may also be the basis for data processing, in this case, until it is established whether the legitimate reasons of the Data Controller take precedence over your legitimate reasons, the data processing must be limited.

If data management is subject to restrictions, such personal data may only be processed with the consent of the data subject, with the exception of storage, or to submit, enforce or defend legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the Union or a member state.

The data controller will inform you in advance (at least 3 working days before the restriction is lifted) of the lifting of the restriction on data management.

Right to erasure - right to be forgotten

You are entitled to have the Data Controller delete your personal data without undue delay if one of the following reasons exists:

  • the personal data are no longer needed for the purpose for which they were collected or otherwise processed by the Data Controller;
  • You withdraw your consent and there is no other legal basis for data processing;
  • You object to data processing based on legitimate interest and there is no overriding legitimate reason (i.e. legitimate interest) for data processing,
  • the personal data was handled illegally by the Data Controller and this was established based on the complaint,
  • personal data must be deleted in order to fulfill the legal obligation prescribed by EU or member state law applicable to the Data Controller.

If, for any legitimate reason, the Data Controller has made public the personal data processed about you, and is obliged to delete it for any of the reasons indicated above, it is obliged to take reasonable steps, including technical measures, in order to inform the data, taking into account the available technology and the costs of implementation controller and other data controllers that you have requested the deletion of the links to the personal data in question or the copy or duplicate of this personal data.

Deletion does not apply if data management is necessary:

  • for the purpose of exercising the right to freedom of expression and information;
  • fulfilling the obligation under the EU or Member State law applicable to the data controller requiring the processing of personal data (such case is data processing in the context of invoicing, as the retention of the invoice is required by law), or for the purpose of performing a task carried out in the public interest or in the exercise of a public authority vested in the data controller;
  • for the presentation, enforcement and protection of legal claims (e.g. if the Data Controller has a claim against you and has not yet fulfilled it, or a consumer or data management complaint is in progress).

Right to protest

You have the right to object to the processing of your personal data based on legitimate interests at any time for reasons related to your own situation. In this case, the Data Controller may no longer process the personal data, unless it proves that the data processing is justified by compelling legitimate reasons that take precedence over your interests, rights and freedoms, or that are related to the presentation, enforcement or defense of legal claims.

If personal data is processed for direct business acquisition, you have the right to object at any time to the processing of your personal data for this purpose, including profiling, if it is related to direct business acquisition. If you object to the processing of personal data for direct business purposes, then the personal data may no longer be processed for this purpose.

Right to portability

If the data management is carried out in an automated way, or if the data management is based on your voluntary consent, you have the right to ask the Data Controller to request the data you provided to the Data Controller, which the Data Controller sends in xml, JSON or csv format to your at your disposal, if this is technically feasible, you can request that the Data Controller forward the data in this form to another data controller.

Automated decision making

You have the right not to be subject to the scope of a decision based solely on automated data management (including profiling) that would have legal effects on you or would similarly significantly affect you. In these cases, the Data Controller is obliged to take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including at least the right of the data subject to request human intervention on the part of the data controller, to express his point of view and to submit objections to the decision.

The above does not apply if the decision:

  • It is necessary to conclude or fulfill the contract between you and the data controller;
  • is made possible by EU or Member State law applicable to the data controller, which also establishes appropriate measures for the protection of your rights and freedoms, as well as your legitimate interests; obsession
  • based on your express consent.

Registration in the data protection register

Infotv. pursuant to its provisions, the Data Controller had to register certain data operations in the data protection register. This reporting obligation was terminated on May 25, 2018.

Data security measures

The Data Controller declares that it has taken appropriate security measures in order to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage, as well as against becoming inaccessible due to changes in the technology used.

The Data Controller will do everything within its organizational and technical capabilities to ensure that its data processors also take appropriate data security measures when working with your personal data.

Remedies

If, in your opinion, the Data Controller has violated a legal provision regarding data management, or has not fulfilled any of your requests, you can initiate the investigation procedure of the National Data Protection and Freedom of Information Authority (address: 1530 Budapest, Pf.: 5., e- email: ugyfelszolgalat@naih.hu).

We would also like to inform you that in the event of a violation of the legal provisions on data management, or if the Data Controller has not fulfilled any of your requests, you may file a civil lawsuit against the Data Controller in court.

Modification of data management information

The Data Controller reserves the right to modify this data management information in a way that does not affect the purpose and legal basis of data management. By using the website after the amendment enters into force, you accept the amended data management information.

If the Data Controller wishes to carry out further data processing in relation to the collected data for a purpose other than the purpose of their collection, it will inform you of the purpose of the data processing and the following information before the further data processing:

  • on the period of storage of personal data, or if this is not possible, on the criteria for determining the period;
  • your right to request from the Data Controller access to your personal data, their correction, deletion or restriction of processing, and in the case of data processing based on legitimate interests, you may object to the processing of personal data, and in the case of data processing based on consent or a contractual relationship, you may request data portability provision of rights;
  • in the case of data management based on consent, that you can withdraw your consent at any time,
  • on the right to submit a complaint to the supervisory authority;
  • whether the provision of personal data is based on a legal or contractual obligation or is a prerequisite for entering into a contract, as well as whether you are obliged to provide personal data, as well as the possible consequences of failure to provide data;
  • about the fact of automated decision-making (if such a procedure is used), including profiling, as well as, at least in these cases, comprehensible information about the logic used and the significance of such data management and the expected consequences for you.

The data processing can only start after this, if the legal basis of the data processing is consent, in addition to the information, you must also consent to the data processing.

This document contains all relevant data management information regarding the operation of the webshop in accordance with the European Union's General Data Protection Regulation No. 2016/679 (hereinafter: Regulation. GDPR) and CXII of 2011. TV. (hereinafter: Infotv.) based on

Date: Budapest, 20.03.2021.

Hauda Kft.

ONLINE PAYMENT