PERSONAL DATA PROTECTION POLICY
This is the data protection policy (hereinafter: Policy) of the company FOOD PASSION Kft. (Registered office: 1088 Budapest, Krúdy Gyula utca 5. I./10.) (Hereinafter: data controller).
For the Data Controller, as supplier, the protection of personal data of visitors to the website www.foodpassion.hu, as well as the assurance of their right to IT self-determination, is of fundamental importance.
The Data Controller undertakes to process the personal data of the visitors in such a way as to contribute to the safe use of internet by them, according to the relevant legal regulations. The data controller processes / manages the personal data of visitors confidentially, according to the relevant legal regulations.
This Policy is especially governed by the following laws:
- - REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 concerning the protection of individuals with regard to the processing of personal data (GDPR), as well as the free circulation of such data and repealing Directive 95/46 / EC (General Data Protection Regulation),
- - Act CXII of 2011,
- - Act CVIII of 2001,
- - Act XLVIII of 2008.
The main objective of the Policy is to inform interested parties about the registration, management, use, transmission, registration of data stored with the data controller.DEFINITIONS:
- database: the set of data processed in the e-registration system,
- data processing: carrying out technical tasks related to data management, regardless of the method, means applied for the operation and the place of application,
- the person in charge of data processing: natural, legal or non-legal person, who, by mandate of the data controller, carries out processing of personal data,
- data processing: any operation or set of operations, applied to personal data or sets of personal data, concerning, by way of example, the collection, registration, organization, storage, modification, use, blocking, communication, dissemination, deletion and destruction of data, as well as the obstacle to further use of the data. Furthermore, the taking / recording of photos, videos, voice and other suitable means to identify a person (e.g. iris, fingerprint, DNA) is considered data processing.
- data controller: the natural, legal, non-legal person, responsible for the decisions regarding the purposes and execution of the processing of personal data and the processing of data, the tools used, including decisions relating to assignment of the person in charge of data processing for its execution.
- data cancellation: total physical cancellation of the data or the data medium,
- data transmission: dissemination of data to third parties,
- destruction of data: destruction of data in such a way that it can no longer be recovered,
- data retention: making the transmission, knowledge, modification, communication, dissemination, cancellation and destruction, use, connection of data impossible for a specific period or permanently,
- third parties: the natural, legal, non-legal person, other than the data subject, the data controller and the person in charge of data processing,
- consent: the voluntary and decisive expression of the interested party of his desire to consent to the processing of his data, based on the correct information,
- special data: data relating to race, ethnic or national minorities, political, religious positions, health condition, vices, sexual life, criminal data,
- publication: making the data accessible to third parties,
- registration: communication of the customer's identification data to the data controller of personal data,
- personal data: any data connected to identified or identifiable natural persons (hereinafter: Data Subject) as well as conclusions that may be disunited from this data regarding the Data Subject.
People can be considered identifiable, especially if they can be identified on the basis of the parameters / factors of name, n. identifying, physical, physiological, mental, economic, cultural or social.
- dispute: declaration of the interested party, in which he disputes the processing of his personal data, requesting the dissolution of the data processing or the cancellation of the data processed.
Personal data may be processed exclusively for the purpose of fulfilling obligations and exercising rights and applying the relevant laws.PERSONAL DATA CAN BE PROCESSED IN THE FOLLOWING CASES:
- the interested party has given his consent,
- a law requires it or on the basis of legal authorization,
- the data of the interested party communicated during his registration, as necessary and sufficient data for the identification of the same, are treated, in accordance with Act CVIII of 2001, for the purpose of concluding service contracts relating to the information society, determining, modifying, verifying compliance, invoicing the relative value, as well as demanding the related claims.
- The data controller does not process / manage special data.
- The law, for the public interest, may order the publication of personal data, indicating the type of such data. In all other cases, the consent of the interested party is required for the publication of personal data, in cases of special data, by written consent. In case of doubts, the consent is considered not given / refused, except for public figures and / or data delivered for the purpose of its publication. In cases initiated at the relative request of the interested party, it must be assumed that the consent was given by the same.
- The rights and obligations of the person in charge of data processing, relating to the processing of personal data, are determined by the data controller. The data controller is responsible for the legality of the instructions relating to the data processing operation. The person in charge of data processing, as part of his activity, is responsible for the processing, modification, cancellation, transmission, destruction and publication of personal data. The data processor cannot carry out his data processing activity together with another data processor. The person in charge of data processing cannot make decisions regarding the personal data of which he has become aware can be processed, stored and kept according to the instructions of the personal data owner. Furthermore, it cannot process the data for its own purposes.
- On the basis of the above, the data controller processes / manages the following data of the interested parties: name, email address, address, n. telephone, billing data, order data.
- The Data Controller guarantees the interested party that he/she can forbid the processing of data in order to increase the efficiency of his services, to transmit electronic advertising or other market research.
- The interested party, with his registration, gives his/her consent to hand over his/her data to the person in charge of data processing, as well as to other collaborators of the data controller and of the person in charge of data processing (hereinafter : third parties), for purposes for which the data controller is authorized to process the data.
- The obligation of the interested customer to provide data is voluntary but, in the absence of necessary and sufficient data, it is not possible to place orders for the same. Consequently, we ask that you communicate the data necessary to be able to fulfill our services, taking into consideration the requirements set out in this Policy. Failing it, registration may be refused.
- By registering, the interested party acknowledges that he/she has voluntarily given his previous consent in advance to receiving electronic advertising from the supplier and/or suppliers collaborating with the supplier. This consent can be revoked at any time, without any countervalue, limitation and motivation. In this case, the supplier immediately deletes the name from the register prescribed by law, and no longer advertises it. When sending electronic advertisements, the advertiser informs the interested party about the electronic contact details, on which the intention to prohibit sending electronic advertisements can be communicated, using services connected to the information society.
- In the case of our services related to registration and subscription, we occasionally send our customers information circulars about our new services, special offers. In the event that our customers do not intend to receive these informative circulars, they can cancel in the same way they requested the service.
- By registering, the interested party, as the customer, acknowledges that he/she has known and accepted the data processing rules of the supplier, and the registration is considered authorization of data processing.
- The data controller undertakes to communicate in advance to the readers of its site the changes in the principles and use relating to the processing of personal data, in order that they can know exactly the principles and practice of data processing, valid on the site / portal of the data controller. This Policy always reflects the principles and practice actually applied.
- If we intend to use personal data in a different way from the principles and objectives published for the collection of personal data, in that case we will inform the interested parties in advance by email, asking if they give their consent to treat the data in a different way their personal data.
- Anonymous information, which is collected with the exclusion of personal identificability and cannot be linked to any natural person, is not considered personal data.
- We do not integrate and do not link personal data and other data communicated by data subjects with data, information deriving from other sources. Otherwise, we ask the interested party for the relative previous consent.
- In the event that the authorized authorities request the provider to hand over personal data in a prescribed manner by law, the data controller, in fulfilling his legal obligations, delivers the requested information.
- The data controller, for the moment, does not offer services expressly for minors under the age of 18, and declares that it does not collect and process personal data from individuals under the age of 18. In the case of requests / needs for the processing of such data, the appropriate consent of the parent or legal representative of the minor is required in a controllable form. In the absence of it, the personal data of minors will not be recorded.
- In the event of termination of the right of data processing, the data controller deletes the data of the interested party.
- The interested party may request the update on the processing of his personal data, as well as the correction and cancellation (with the exception of the processing of data ordered by law) of his/her personal data.
- At the request of the interested party, the data controller gives information regarding the data processed by the same or by the person in charge of data processing, on the purpose, legal title, duration of data processing, name, address, activity relating to the data processing of the data processor, as well as who and for what purpose received or receives such data. The data controller is required to give this communication in writing no later than 30 days from the filing of the relative request.
- The information of the interested party can be denied by the data controller only if it is limited by law, for the internal and external security of the State, such as defense of the State, the security of the Nation, the prevention of crime, or anti-crime, or in the State or municipal fiscal interest, or for the protection of the rights of the interested party or third parties. The data controller is required to communicate to the interested party the reason for the refusal of the communication. The data controller informs the data protection commissioner about annually rejected requests.
- The data controller is required to correct any data that does not correspond to reality.
- Personal data must be destroyed if:
- its processing is illegal,
- the interested party requests it,
- is incorrect or incomplete, and that status cannot be corrected, provided that the law does not exclude destruction,
- the purpose of the data processing has ceased, or the mandatory period of data storage has expired,
- was ordered by a Court or by the data protection commissioner.
- The interested party and all in favor of whom such data were transmitted must be informed about the correction or destruction of the data. This communication can be ignored, if that does not violate the legitimate interest of the data subject.
- The interested party can object to the processing of his personal data, if:
- the processing and transmission of personal data is only necessary for the exercise of the legitimate rights or interests of the data controller, except in the case where the data processing has been ordered by law,
- the use or transmission of personal data is carried out to directly purchase business, public opinion polling, scientific research,
- the law allows to exercise the right of objection.
- The Data Controller - with the simultaneous suspension of the data processing - is required to verify the objection, within 15 days from the filing of the complaint, and communicate the outcome in writing to the applicant. In the event that the objection is reasonable, the data controller is required to stop processing the data and block the data, as well as inform all those to whom he had transmitted the personal data in question about the objection and the related provision, who are also required to enforce the right of objection. If the interested party does not agree with this decision of the data controller, within 30 days of the relative communication, he can apply to the court.
- The data controller cannot delete the data of the interested party, if the data processing has been ordered by law. The data cannot, however, be transmitted to the person who takes them over if the data controller agrees with the protest or a court has established the legitimacy of the protest.
- In the event of a violation of the rights of the data subject, he / she can appeal to the court against the data controller.
The computer system and the other data storage locations of Food Passion Kft. are located at its registered office located at 1088 Budapest, Krúdy Gyula utca 5. I./10.
The e-mail address of the Data Controller is: email@example.com.