Data management policy

Privacy and Data Management Policy

TheInter-cosmo Kft.(hereinafter: Service Provider, data controller) informs its customers of the following.

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and on the repeal of Regulation 95/46/EC (General Data Protection Regulation) ( April 27, 2016), we provide the following information.

This data management information sheet regulates the data management of the following pages: https://www.dietaskonyha.hu

The data management information is available from the following page: https://www.dlife.hu

Amendments to the prospectus will take effect upon publication at the above address.

The data manager and his contact details:

Name: Inter-cosmo Kft.

Headquarters: 1162 Budapest, Csömöri út 327.

E-mail: kapcsolat@d-life.hu

Phone: +36-70-729-9858

Term definitions

  1. "personal data": any information relating to an identified or identifiable natural person ("data subject"); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable;
  1. "data management": any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or by making it available in another way, coordinating or connecting, limiting, deleting or destroying;
  1. "data controller": the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others; if the purposes and means of data management are determined by EU or member state law, the data controller or the special aspects regarding the designation of the data controller may also be defined by EU or member state law;
  1. "data processor": the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller;
  1. "recipient": the natural or legal person, public authority, agency or any other body to whom the personal data is communicated, regardless of whether it is a third party.Public authorities that have access to personal data in accordance with EU or Member State law in the context of an individual investigation are not considered recipients; the handling of said data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of data management;
  1. "consent of the data subject": the voluntary, specific and well-informed and clear statement of the will of the data subject, with which the data subject indicates by means of a statement or an act clearly expressing the confirmation that he gives his consent to the processing of personal data concerning him;
  1. "data protection incident": a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or unauthorized access to personal data transmitted, stored or otherwise handled

Principles for handling personal data

Personal data:

  1. must be handled legally and fairly, as well as in a transparent manner for the data subject ("legality, fair procedure and transparency");
  1. should only be collected for specific, clear and legitimate purposes, and they should not be handled in a manner incompatible with these purposes; in accordance with Article 89 (1), further data processing for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes ("purpose limitation");
  2. is not considered incompatible with the original purpose
  1. they must be appropriate and relevant in terms of the purposes of data management, and must be limited to what is necessary ("data economy");
  1. must be accurate and, where necessary, up-to-date; all reasonable measures must be taken to immediately delete or correct personal data that is inaccurate for the purposes of data management ("accuracy");
  1. must be stored in a form that allows the identification of the data subjects only for the time necessary to achieve the goals of personal data management; personal data may only be stored for a longer period of time if the personal data will be processed in accordance with Article 89 (1) for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, the rights of the data subjects and subject to the implementation of the appropriate technical and organizational measures required to protect your freedoms ("restricted storage");
  1. must be handled in such a way that adequate security of personal data is ensured by the application of appropriate technical or organizational measures, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage of data ("integrity and confidentiality").

The data controller is responsible for compliance with the above, and must also be able to prove this compliance ("accountability").

Data management

Data management related to online store operation

  1. Fact of data collection, scope of data handled and purpose of data management:

Personal data

Purpose of data management

Username

Identification, enable registration

It is used for secure access to the user account.

Surname and first name

Required for contacting, purchasing and issuing a regular invoice.

E-mail address

Communication, more effective coordination of questions related to invoicing or delivery.

Billing name and address

Issuing the regular invoice, as well as creating the contract, defining its content, amending it, monitoring its performance, invoicing the resulting fees, and asserting related claims.

Shipping name and address

Enable home delivery.

Date of purchase/registration

Execution of a technical operation.

The IP address at the time of purchase/registration

Execution of a technical operation.


Neither the username nor the e-mail address needs to contain personal data.

  1. The range of stakeholders: All stakeholders registered/purchased on the webshop website.
  1. Duration of data management, deadline for deleting data: Immediately upon cancellation of registration. Based on Article 19 of the GDPR, the data controller informs the data subject electronically of the deletion of any personal data provided by the data subject. If the data subject's deletion request also covers the e-mail address he/she has provided, the data controller will also delete the e-mail address after the information has been provided. Except in the case of accounting documents, as this data must be kept for 8 years based on § 169 (2) of Act C of 2000 on accounting.

Accounting documents directly and indirectly supporting the bookkeeping (including ledger accounts, analytical and detailed records) must be kept in legible form for at least 8 years, in a way that can be retrieved by reference to the accounting records.

  1. The person of the possible data controllers entitled to access the data, the recipients of the personal data: The personal data can be handled by the sales and marketing staff of the data controller, in compliance with the above principles.
  2. Description of thedata processing rights of the data subjects:
  • The data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and
  • you can object to the processing of such personal data, as well as
  • the data subject has the right to data portability and to withdraw consent at any time.
  1. Access to personal data, their deletion, modification or restriction of processing, portability of data, objection to data processing can be initiated by the data subject in the following ways:
  • by post at Késmárk u 9, 1158 Budapest,
  • via e-mail at info@dietaskonyha.hu e-mail address,
  • by phone +36-70/7299858.
  1. Legal basis for data management:
  1. Article 6(1)(b) of the GDPR,
  1. CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. Act (hereinafter: Elker Law) 13/A. Section (3):

For the purpose of providing the service, the service provider may process the personal data that is technically absolutely necessary for the provision of the service. If the other conditions are the same, the service provider must choose and in all cases operate the tools used in the provision of services related to the information society in such a way that personal data is only processed if this is absolutely necessary for the provision of the service and the fulfillment of other objectives defined in this law necessary, but also in this case only to the extent and for the necessary time.

  1. In the case of issuing an invoice in accordance with the accounting legislation, point c) of Article 6 (1).
  1. In case of enforcement of claims arising from the contract, Act V of 2013 on the Civil Code 6:21. according to § 5 years.

6:22. § [Prescription]

(1) If this law does not provide otherwise, claims become time-barred within five years.

(2) The statute of limitations begins when the claim becomes due.

(3) The agreement to change the limitation period must be put in writing.

(4) An agreement excluding limitation is void.

  1. We inform you that
  • data management is necessary to fulfill the contract.
  • must provide personal data so that we can fulfill your order.
  • failure to provide data has the consequences that we cannot process your order.

The data processors used

Shipping

  1. Activity provided by data processor: Delivery of products, transport
  1. Name and contact information of data processor:
  • GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.
    2351 Alsónémedi
    GLS Európa u. 2.
    info@gls-hungary.com
    +3618020265
  • Sprinter Futárszolgált Kft.
    1097 Budapest Táblás utca 39.
    +3613473000
    info@sprinter.hu
  • Foxpost Zrt.
    3200 GyöngyösBatsányi utca 9.
    +36-1-999-0369
  • Hungarian Posta
    3512 Miskolc Customer Service Directorate
  1. The fact of data management, scope of managed data: Delivery name, delivery address, phone number, e-mail address.
  2. The range of stakeholders: All stakeholders requesting home delivery.
  1. Purpose of data management: Home delivery of the ordered product.
  1. Duration of data management, deadline for data deletion: Lasts until home delivery is completed.
  1. Legal basis for data processing: Article 6, paragraph 1, point b).

Hosting provider

  1. Activity provided by data processor: Storage service
  1. Name of data processor and contact information:
    Storage provider details
    Name: ShopRenterhu Kft.
    Headquarters: 4028 Debrecen, Kassai út 129.
    Contact: +36-1/234-5011, info@shoprenter.hu
  1. Fact of data management, scope of managed data: All personal data provided by the data subject.
  1. Group of stakeholders: All stakeholders who use the website.
  1. The purpose of data management: Making the website available and operating it properly.
  1. Duration of data management, deadline for data deletion: Data management lasts until the termination of the agreement between the data manager and the storage provider, or until the deletion request addressed to the storage provider by the data subject.
  1. Legal basis for data processing: points c) and f) of Article 6 (1) and CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. Act 13/A. Paragraph (3) of §.

Recipients with whom personal data is communicated (Data transmission):

Online payment

  1. Activity performed by the Recipient: Online payment
  1. Recipient's name and contact information:

    Operator: OTP Mobil Szolgáltató Kft.

    Headquarters: 1143 Budapest, Hungária krt. 17-19.

    Customer service: ugyfelszolgalat@simple.hu +36 1/20/30/70 3-666-611

    Company registration number: 01-09-174466

  1. Fact of data management, scope of managed data: Billing data, name, e-mail address
  2. Group of stakeholders: All stakeholders who choose to pay on the website.
  1. Purpose of data management: Conducting online payments, confirming transactions and fraud monitoring for the protection of users
  1. Duration of data management, deadline for data deletion: It lasts until the online payment is completed.
  1. Legal basis for data processing: Article 6 (1) point b) of the GDPR. Data processing is necessary for online payment at the request of the data subject.
  1. The rights of the data subject:
    a. You can find out about the conditions of data management
    b. You have the right to receive feedback from the data controller as to whether your personal data is being processed, and you have the right to access all information related to data processing
    c. You have the right to receive your personal data in a segmented, widely used, machine-readable format
    d. You are entitled to have your inaccurate personal data corrected without undue delay upon your request.

Cookie management

  1. Cookies typical of online stores are the so-called "cookie used for a password-protected session", "cookies required for the shopping cart" and "security cookies", the use of which does not require prior consent from the data subjects.
  1. Fact of data management, scope of managed data: Unique identification number, dates, times
  1. The range of stakeholders: All stakeholders who visit the website.
  1. Purpose of data management: Identification of users, registration of the "shopping basket" and tracking of visitors.
  1. Duration of data management, deadline for data deletion:

Cookie type

Legal basis for data management

Data Management

Managed data circle

Session cookies (session)

CVIII of 2001 on certain issues of electronic commercial services and information society services. Act (Elkertv.) 13/A. Section (3)

Until revoked by the user or the service provider.

connect.sid

  1. The person of the possible data controllers entitled to access the data: The data controller does not process personal data through the use of cookies.
  1. Description of the rights of data subjects related to data management: The data subject has the option to delete cookies in the Tools/Settings menu of browsers, usually under the settings of the Data Protection menu item.
  1. Legal basis for data management: Consent from the data subject is not required if the sole purpose of using cookies is the transmission of information via an electronic communication network or if the service provider absolutely needs it to provide a service related to the information society specifically requested by the subscriber or user.

Using Google Adwords conversion tracking

  1. The data controller uses the online advertising program called "Google AdWords", and also uses Google's conversion tracking service within its framework. Google conversion tracking is an analytics service of Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google").
  1. When a User accesses a website through a Google ad, a cookie required for conversion tracking is placed on their computer. The validity of these cookies is limited and they do not contain any personal data, so the User cannot be identified by them.
  1. When the User browses certain pages of the website and the cookie has not yet expired, both Google and the data controller can see that the User has clicked on the ad.
  1. Each Google AdWords customer receives a different cookie, so they cannot be tracked through the websites of AdWords customers.
  1. The information - obtained with the help of conversion tracking cookies - serves the purpose of creating conversion statistics for customers who choose AdWords conversion tracking. In this way, clients are informed about the number of users who click on their ad and are redirected to a page with a conversion tracking tag. However, they do not get access to information that could identify any user.
  1. If you do not wish to participate in conversion tracking, you can decline this by disabling the installation of cookies in your browser. Then you will not be included in the conversion tracking statistics.
  1. Further information and Google's privacy statement are available at the following page: www.google.de/policies/privacy/

Application of Google Analytics

  1. This website uses Google Analytics, which is a web analytics service provided by Google Inc. ("Google").Google Analytics uses so-called "cookies", text files that are saved on your computer, thus facilitating the analysis of the use of the website visited by the User
  1. The information created by cookies related to the website used by the User is usually transferred to and stored on one of Google's servers in the USA. By activating IP anonymization on the website, Google shortens the User's IP address beforehand within the member states of the European Union or in other states that are parties to the Agreement on the European Economic Area.
  1. The entire IP address is transmitted to a Google server in the USA and shortened there only in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate how the User used the website, to prepare reports related to website activity for the website operator, and to provide additional services related to website and Internet use.

Within the framework of Google Analytics, the IP address transmitted by the User's browser is not combined with other Google data. The User can prevent the storage of cookies by setting their browser accordingly, but please note that in this case, not all functions of this website may be fully usable. You can also prevent Google from collecting and processing the User's website usage data (including IP address) through cookies by downloading and installing the browser plugin available at the following link.

Newsletter, DM activity

  1. XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activity. Pursuant to § 6 of the Act, the User may give prior and express consent to the Service Provider's advertising offers and other mailings using the contact information provided during registration.
  1. Furthermore, with the provisions of this information in mind, the Customer may consent to the Service Provider handling his/her personal data required for sending advertising offers.
  1. The Service Provider does not send unsolicited advertising messages, and the User may unsubscribe from the sending of offers free of charge without limitation or justification. In this case, the Service Provider will delete all personal data necessary for sending advertising messages from its records and will not contact the User with further advertising offers. Users can unsubscribe from advertisements by clicking on the link in the message.
  1. Fact of data collection, scope of data handled and purpose of data management:

Personal data

Purpose of data management

Name, e-mail address

Identification, enabling subscription to the newsletter.

Date of subscription

Execution of a technical operation.

IP address at the time of registration

Execution of a technical operation.

  1. The range of stakeholders: All stakeholders who subscribe to the newsletter.
  1. The purpose of data management: sending electronic messages containing advertising (e-mail, sms, push message) to the person concerned, providing information about current information, products, promotions, new functions, etc.
  1. Duration of data management, data deletion deadline: data management lasts until withdrawal of the consent statement, i.e. until unsubscription
  1. Data management registration number: in progress...
  1. The person of the possible data controllers entitled to access the data, the recipients of the personal data: The personal data can be handled by the sales and marketing staff of the data controller, in compliance with the above principles.
  1. Description of thedata processing rights of the data subjects:
  • The data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and
  • you can object to the processing of such personal data, as well as
  • the data subject has the right to data portability and to withdraw consent at any time.
  1. Access to personal data, their deletion, modification or restriction of processing, portability of data, objection to data processing can be initiated by the data subject in the following ways:
  • by post at 1158 Budapest, Késmárk utca 9,
  • by e-mailat the e-mail address info@dietaskonyha.hu,
  • by phone +36-70/7299858.
  1. The person concerned can unsubscribe from the newsletter at any time, free of charge.
  1. Legal basis for data management: consent of the data subject, points a) and f) of Article 6 (1) and XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activities. § 6 (5) of the Act:

The advertiser, the advertising service provider, or the publisher of the advertisement - within the scope specified in the consent - keeps a record of the personal data of the persons who have given their consent. The data recorded in this register - concerning the recipient of the advertisement - can only be handled in accordance with the consent statement, until it is revoked, and can only be transferred to third parties with the prior consent of the person concerned.

  1. We inform you that
  • data management is based on your consent.
  • must provide personal data if you want to receive a newsletter from us.
  • failure to provide data has the consequences that we cannot send you a newsletter.

Complaint handling

  1. Fact of data collection, scope of data handled and purpose of data management:

Personal data

Purpose of data management

Surname and first name

Identification, contact.

E-mail address

Billing name and address

Identification, handling of quality objections, questions and problems arising in connection with the ordered products.

  1. Stakeholders: All stakeholders who purchase on the webshop website and complain about quality.
  1. Duration of data management, deadline for deletion of data: Copies of the minutes, transcripts and responses to the objections received are provided in the CLV of 1997 on consumer protection. Act 17/A. Pursuant to § (7), it must be kept for 5 years.
  1. The person of the possible data controllers entitled to access the data, the recipients of the personal data: The personal data can be handled by the sales and marketing staff of the data controller, in compliance with the above principles.
  1. Description of thedata processing rights of the data subjects:
  • The data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and
  • you can object to the processing of such personal data, as well as
  • the data subject has the right to data portability and to withdraw consent at any time.
  1. Access to personal data, their deletion, modification or restriction of processing, portability of data, objection to data processing can be initiated by the data subject in the following ways:
  • by post at 1158 Budapest, Késmárk utca 9,
  • via e-mail at info@dietaskonyha.hu e-mail address,
  • by phone +36-70/7299858.
  1. Legal basis for data management: Article 6 (1) point c) and CLV of 1997 on consumer protection. Act 17/A. Section (7)
  1. We inform you that
  • the provision of personal data is based on a contractual obligation.
  • the precondition of concluding the contract is the management of personal data.
  • must provide personal data so that we can handle your complaint.
  • failing to provide data has the consequences that we cannot handle your complaint.

Community Pages

  1. The fact of data collection, the range of data processed: Facebook/Google+/Twitter/Pinterest/Youtube/Instagram, etc. the name registered on social networking sites and the user's public profile picture.
  1. The range of stakeholders: All stakeholders who have registered on Facebook/Google+/Twitter/Pinterest/Youtube/Instagram, etc. on social networking sites and "liked" the website.
  1. Purpose of data collection: To promote the sharing or "liking" of certain content elements, products, promotions or the website itself on social networks.
  1. Duration of data management, deadline for data deletion, identity of possible data managers entitled to access the data and description of the rights of the data subjects related to data management: The data subject can find out about the source of the data, its management, the method of transfer and its legal basis on the given social media page. Data management takes place on social media sites, so the duration and method of data management, as well as the options for deleting and modifying data, are governed by the regulations of the given social media site.
  1. The legal basis for data management: the voluntary consent of the concerned person to the management of his personal data on social networking sites.

Customer relations and other data management

  1. Should the data subject have any questions or problems while using our data management services, you can contact the data manager using the methods provided on the website (phone, e-mail, social media, etc.).
  1. Data manager handles received e-mails, messages, on the phone, on Facebook, etc. data provided, together with the name and e-mail address of the interested party, as well as other voluntarily provided personal data, will be deleted after a maximum of 2 years from the date of data disclosure.
  1. We provide information on data management not listed in this information when the data is collected.
  1. The Service Provider is obliged to provide information, communicate and hand over data, or make documents available in the case of an exceptional official inquiry, or in the event of an inquiry by other bodies based on the authorization of the law.
  1. In these cases, the Service Provider only releases personal data to the requester - if he has specified the exact purpose and the scope of the data - to the extent and to the extent that is absolutely necessary to achieve the purpose of the request.

Measure deadline

The data controller will inform you without undue delay, but in any case within 1 month of the receipt of the request, about the measures taken as a result of the above requests.

If necessary, this can be extended by 2 months. The data controller will inform you of the extension of the deadline, indicating the reasons for the delay, within 1 month of receiving the request.

If the data controller does not take measures following your request, it will inform you without delay, but at the latest within one month from the receipt of the request, of the reasons for the failure to take action, and that you may file a complaint with a supervisory authority, and may exercise his right to judicial remedy.

Informing the data subject about the data protection incident

If the data protection incident likely entails a high risk for the rights and freedoms of natural persons, the data controller shall inform the data subject of the data protection incident without undue delay.

The nature of the data protection incident must be described clearly and in an understandable manner in the information provided to the data subject, and the name and contact details of the data protection officer or other contact person providing additional information must be provided;

should be described

probable consequences resulting from a data protection incident; the measures taken or planned by the data controller to remedy the data protection incident must be described, including, where appropriate, measures aimed at mitigating any adverse consequences resulting from the data protection incident.

The data subject need not be informed if any of the following conditions are met:

  • the data controller has implemented appropriate technical and organizational protection measures and these measures have been applied to the data affected by the data breach, in particular those measures - such as the use of encryption - which are necessary for personal data make the data unintelligible to persons not authorized to access;
  • after the data protection incident, the data controller took additional measures that ensure that the high risk to the rights and freedoms of the data subject is unlikely to materialize in the future;
  • information would require a disproportionate effort In such cases, the data subjects must be informed through publicly published information, or a similar measure must be taken that ensures similarly effective information to the data subjects.

If the data controller has not yet notified the data subject of the data protection incident, the supervisory authority, after considering whether the data protection incident is likely to involve a high risk, may order the data subject to be informed.

Report a data protection incident to the authority

The data controller shall report the data protection incident without undue delay and, if possible, no later than 72 hours after becoming aware of the data protection incident, to the competent supervisory authority pursuant to Article 55, unless the data protection incident is likely to pose no risk to the regarding the rights and freedoms of natural persons. If the notification is not made within 72 hours, the reasons justifying the delay must also be attached

Possibility to lodge a complaint

A complaint against a potential violation of the data controller can be lodged with the National Data Protection and Freedom of Information Authority:

National Data Protection and Freedom of Information Authority

1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Mailing address: 1530 Budapest, PO Box: 5.

Phone: +36 -1-391-1400

Fax: +36-1-391-1410

E-mail: ugyfelszolgalat@naih.hu

During the preparation of the information sheet, we were aware of the following legislation:

  • REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC (General Data Protection Regulation) ( 27 April 2016)
  • 2011. year CXII. Act - on the right to self-determination of information and freedom of information (hereinafter: Infotv.)
  • 2001. year CVIII Act - on certain issues of electronic commercial services and services related to the information society (mainly § 13/A)
  • 2008. year XLVII Act - on the prohibition of unfair commercial practices towards consumers;
  • 2008. year XLVIII Act - on the basic conditions and certain limitations of economic advertising activity (especially § 6.a)
  • 2005. XC of the year Act on Electronic Freedom of Information
  • 2003. Act C of 2008 on electronic communication (specifically § 155.a)
  • 16/2011. s.Opinion on the EASA/IAB Recommendation on Best Practices for Behavioral Online Advertising
  • Recommendation of the National Data Protection and Freedom of Information Authority on data protection requirements for prior information
  • Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC
.