Privacy notice

1. Data controllers / data processors

Data controller, data processor, operator - Website owner

hereinafter, WT

Name of service provider, data controller

hereinafter, TSZ

Google Analytics

hereinafter referred to as GA

Other data controller, data processor - Google

Other data processors used

2. Definitions

• GDPR (General Data Protection Regulation) is the European Union (European Parliament and Council) Data Protection Regulation 2016/679;
• Data management: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
• Data processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
• Personal data: any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
• Special data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data or biometric data revealing the identity of natural persons, health data and personal data concerning the sex life or sexual orientation of natural persons;
• Data Controller: a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the controller's designation may also be determined by Union or Member State law;
• Consent of the data subject: a freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she signifies, by a statement or by an act expressing his or her unambiguous consent, that he or she gives his or her consent to the processing of personal data concerning him or her;
• Data transmission: if the data is made available to a specified third party;
• Disclosure: if the data is made available to anyone;
• Data deletion: data rendered unrecognisable in such a way that it cannot be recovered; automated dataset: a set of data that is processed automatically;
• Machine processing: includes the following operations, if they are carried out in whole or in part by automated means: storage of data, logical or arithmetical operations on data, alteration, deletion, retrieval and dissemination of data.
• Data protection incident: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
• Third party: a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data.
• Visitor: visitors of the ayurmedic.eu website.
• User: a Registered members of the website.
• Customer / Buyervisitors to the website who attempt to use a service or purchase a product.
• Powered by: operates a webshop for Users and Visitors through the aforementioned ayurmedic.eu website for dietary supplement products made from medicinal plants.

The content placed and published on the site can be visited, viewed and browsed by visitors without registration (without providing a username, password, email address, telephone, shipping and billing address).

3. Guidelines for data management and processing

3.1 The data controller(s) and processor(s) declare that they will process personal data in accordance with the provisions of the Privacy Notice and will comply with the applicable law, in particular with regard to:

3.1.1.1 The Data Controller undertakes to publish a clear, prominent and unambiguous notice (privacy statement) informing users and visitors of the method, purpose and principles of data collection before recording, recording or processing any data of their users or visitors. A the processing of personal data must be lawful, fair and transparent for the data subject.

3.1.2 In addition to the above, the Data Controller draws the user's attention to the voluntary nature of the data provision.

In all cases where the Data Controller requests personal data from its Visitors and Users, they are free to decide whether or not to provide the requested information after reading and understanding the required information text. However, if a person does not provide personal data, he or she may not be able to use the service from the Operator that requires the provision of personal data.

3.1.3 The data subject shall be informed of the purposes of the processing and of the persons who will process the data. The personal data must be collected for specified, explicit and legitimate purposes and not processed by the Controller in a way incompatible with those purposes; further processing for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes ("purpose limitation") shall not be considered incompatible with the original purpose;

3.1.4 In all cases where the Data Controller intends to use the data provided for purposes other than those for which they were originally collected, the Data Controller shall inform the User thereof and obtain his/her prior explicit consent or provide the User with the opportunity to prohibit such use.

3.1.5 The purposes for which personal data are processed must be adequate, relevant and limited to what is necessary.

3.1.6 Personal data must be accurate and up-to-date. Inaccurate personal data must be deleted without delay.

3.1.7 Personal data must be stored in a form which permits identification of data subjects for no longer than is necessary. Personal data may be stored for longer periods only if the storage is for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes.

3.1.8 Personal data must be processed in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by using appropriate technical or organisational measures.

The Data Controller undertakes to ensure the security of the data, to take technical and organisational measures and to establish procedural rules to ensure that the data recorded, stored or processed are protected and to prevent their destruction, unauthorised use or unauthorised alteration. It also undertakes to require any third party to whom it may transmit or transfer the data to fulfil its obligations in this respect.

3.1.9 All employees and senior managers of the Data Controller are entitled to access the data processed by the Data Controller. Information on data processing shall also be provided where the law provides for the inclusion of data from existing data processing by transfer or interconnection.

3.1.10. The principles of data protection shall apply to all information relating to an identified or identifiable natural person.

3.1.11. The Data Controller shall in all cases comply with the limitations set out in the Principles when collecting, recording and processing data, and shall inform the data subject of its activities by electronic mail, as requested. The Data Controller undertakes not to impose any sanctions on a user who refuses to provide the optional data.

3.1.12. Personally identifiable data and information means personal data relating to natural persons that can be used to identify someone personally, to contact someone for communication or to determine someone's physical contact details, including but not limited to: name, address, postal address, telephone number, e-mail address.

3.1.13. Anonymous information that is collected in a way that excludes personal identifiability and cannot be linked to a natural person, and demographic data that is collected in a way that does not link it to the personal data of identifiable persons and thus cannot be linked to a natural person, are not personal data.

3.1.14. This Privacy Statement is about the protection of personal data of visitors, registered users not intended for public disclosure, but made available to the Data Controller, Operator. If a person voluntarily discloses some or all of his/her personal information, such information is not covered by this Privacy Policy.

3.1.15. In all cases, we will indicate which data we ask you to provide on a "mandatory" basis during registration, for what purposes and under what conditions. The term "mandatory" in this case does not refer to the mandatory nature of the data collection, but to the fact that there are some records without which the registration cannot be completed successfully, so that leaving certain fields blank or filling them in incorrectly may lead to the rejection of the registration.

3.1.16. Personal data provided to us by Visitors and Users will not be disclosed to third parties under any circumstances unless authorised.

However, if the Data Controller is requested by the competent authorities to provide personal data in the manner required by law (e.g. in case of suspicion of a crime, in an official data seizure order), we will provide the requested and available information in compliance with our legal obligation.

Where our Users provide us with personal data, we will take all necessary steps to ensure the security of that data - both during network communication (i.e. online processing) and during storage and retention (i.e. offline processing).

3.1.17. As the Data Controller, we ensure that Visitors can access, correct and amend their own personal data through the same communication channels and by providing the same facilities through which their personal data was previously made available to us. In this way, as Data Controller, we ensure that Users' personal data is kept up to date, accurate and timely.

3.1.18. If any User requests that we delete his or her personal data from our own system (in certain cases, of course, assuming that he or she will no longer be able to use the service to which the data belonged or in a way that he or she cannot use it), we will do so without delay.

3.1.19. In the case of online payment, the Data Controller may, with the prior information of the registered User, provide the e-mail address, name and telephone number assigned to the User's profile to the payment service provider for the purposes of providing customer service assistance to Users, confirming transactions and fraud analysis.

4. Additional safeguards to protect the data subject

In the following sections, we draw your attention to the rights of all data subjects.

4.1 The data subject has the right to be informed about the processing of his/her data (data subject's right of access).

4.2 The data subject shall have the right to obtain, at his or her direct request, the restriction of processing by the Controller if any of the grounds listed herein apply:

4.2.1 The data subject contests the accuracy of his or her personal data, in which case the limitation applies for the period of time that allows the Controller to verify the accuracy of the personal data;

4.2.2. the data processing is unlawful, and the data subject opposes the erasure of the data and requests the restriction of their use instead;

4.2.3. where the controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims;

4.2.4. the data subject has legitimately objected to the processing; in this case, the restriction applies for the period until it is established whether the legitimate grounds of the controller prevail over the legitimate grounds of the data subject.

4.3.The data subject has the right to obtain information about the automated processing of personal data, its main purposes and the identity, habitual residence or registered office of the controller.

4.4 The data subject shall have the right to be informed, at reasonable intervals and without excessive delay or expense, whether or not his or her personal data are stored in an automated dataset and to be provided with information about those data in a form which he or she understands.

4.5 The data subject shall have the right to have such data rectified or erased without undue delay where justified (right to be forgotten). The Controller shall inform all recipients to whom or with which the personal data have been disclosed of any rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. Upon request, the Controller shall inform the data subject of these recipients.

4.6. Az adatkezeléssel érintett jogosult arra, hogy a hozzájáruláson alapuló adatkezelés során, automatizált adatkezelés esetén, a rá vonatkozó, általa az adatkezelő rendelkezésére bocsátott személyes adatokat tagolt, széles körben használt, géppel olvasható formátumban megkapja, továbbá jogosult arra, hogy az Adatkezelő ezeket az adatokat egy másik adatkezelőnek továbbítsa. E jog gyakorlása nem sértheti az elfeledtetéshez való jogot, és nem érintheti hátrányosan mások jogait és szabadságait.

4.7 The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions;

4.8 The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, except in the circumstances set out in Article 22 of the GDPR (automated decision-making);

4.9 The data subject shall have the right to a judicial remedy if his or her request for information or, in justified cases, for disclosure, rectification or erasure, as provided for by law, is not complied with. At the request of the data subject, the Controller shall provide information on the data processed by the Controller or by a processor on its behalf, the purposes, legal basis and duration of the processing, the name, address (registered office) and activities of the processor in relation to the processing, as well as the persons to whom and the purposes for which the data are or have been disclosed. The data controller shall provide the information in writing in an intelligible form within the shortest possible time from the date of the request, but not later than 30 days. The data subject may, in the event of a breach of his or her rights, bring an action against the Controller before the courts. The Controller shall compensate any damage caused to another party by unlawful processing of the data of the data subject or by a breach of the requirements of technical data protection.

The Data Controller is also liable to the data subject for damage caused by another Data Processor employed by the Data Controller. The Data Controller shall be exempted from liability if it proves that the damage was caused by an unavoidable cause outside the scope of the processing. No compensation shall be payable in so far as the damage resulted from the intentional or grossly negligent conduct of the person who suffered it.

5. The data processed and their legal basis

5.1. Legal basis of the data processed

The provisions on data processing and the protection of the personal data of Visitors apply only to natural persons, given that personal data can also be understood only in relation to natural persons (pursuant to Act CXII of 2011 on the right to information self-determination and freedom of information), therefore this privacy policy is binding only in relation to the processing of personal data of natural persons who register on the website.

5.1.1 The legal basis for the processing under 5.2.1 is the consent of the data subjects and the legitimate interest of the Data Controller in the performance of the contract between the data subject and the Data Controller (Article 6(1)(b) GDPR).

5.1.2 The legal basis for the processing of data under 5.2.3 - 5.2.6 is the consent of the data subjects. The data subjects give their consent during the registration process by ticking a checkbox for each processing purpose and by subsequently providing their personal data (e.g. username, password, email address, telephone number, delivery and billing address).

5.1.3 The legal basis for the processing of data under 5.2.2. is, in particular, Sections 169 and 202 of Act CXXVII of 2017 on Value Added Tax and Section 167 of Act C of 2000 on Accounting.

5.1.4 The legal basis for the processing of the data under points 5.2.5 and 5.2.6 is the legitimate interest of the Data Controller in the performance of the contract between the data subject and the Data Controller (Article 6(1)(b) GDPR).

The users of the Website accept the functioning of cookies by clicking on the "Login" button when opening and logging in to the Website, both as a visitor and as a registered user. In case of acceptance of the use of cookies, the information and consent shall also apply to the use of the Website in subsequent connections to the user's device.

5.2. Scope of data processed and purpose of data processing

Personal data may be processed only for specified purposes, for the exercise of rights and the performance of obligations. The processing must comply with this purpose at all stages. Only personal data which is necessary for the purpose of the processing, is adequate for the purpose, and is processed only to the extent and for the duration necessary for the purposes of the processing.

5.2.1 Purpose of data processing: to provide the services of the webshop, to fulfil the related contractual rights and obligations.

Data processed: first name, surname, e-mail address, password*, telephone number, delivery address

In addition, to ensure the quality of the service, to comply with the GTC and for the legitimate interest of the service provider, we also process the following data:

Customer service correspondence, call data (call number, time and duration of the call) and log files of the use of the functions provided by the system.

*The password of the user's choice, which is entered into the database in encrypted format in accordance with the technical and legal requirements of the present day. Passwords are not accessible to data controllers in unencrypted form."

5.2.2. Purpose of data processing: to fulfil statutory tax and accounting obligations (accounting, taxation).

Processed data: personal data as defined by law, in particular billing name, company name, tax number, billing address, e-mail address, payment details.

5.2.3 Purpose of processing: use for marketing purposes, sending newsletters (commercial offers), use for direct marketing purposes.

Data processed: name, e-mail address, telephone number

5.2.4. Purpose of data management: informing users, providing services

Data processed: the data indicated in point 5.2.1

5.2.5. When visiting the ayurmedic.eu website, certain parameters of Visitors and Users are recorded on the TSZ servers, which may be accessed by WT.

These logging parameters - automatically recorded - can be any of the following, depending on what the website's program code can identify for a given visitor:

• Time of access, time spent on the website, activity performed during this time, time of exit
• Visitor's browser type, resolution, language, operating system, type of computing device
• Visitor IP address

The purpose of processing this data is to ensure quality and to provide WT with statistics for the website. The duration of this processing is 365 days - unless the visitor requests otherwise, by indicating his/her request for deletion at one of the WT contact details provided in this information.

5.2.6 Cookie: cookies are information automatically logged by the TSZ servers. The Fund Manager uses the following cookies:

(a) Session cookies

(b) Functional cookies

The purposes, legal basis, duration and other information about the processing of cookies can be found in section 10 of this Privacy Policy.

5.3. Automated decision-making

The Data Controller uses automated decision-making (profiling) to develop discount offers as described below.

We offer discounted offers based on registration, the time since the previous purchase and the user's activity on the Website.

6. How the website works

6.1. Acceptance of cookies and data management

The ayurmedic.eu website is an online webshop website for the purchase of herbal dietary supplement products. Visitors to the website are greeted by a pop-up window in the footer, in which both the cookies used by the site and this Privacy Policy are binding. If the visitor/user wishes to place an order or subscribe to a newsletter, he/she will not be able to proceed further in the process until he/she accepts this Privacy Policy.

The Service is free of charge to registered or unregistered users who view and browse the site, and charges are only incurred when purchasing the product(s).

The products can be paid by bank transfer, credit card, paypal and cash on delivery.

6.2. Registration

The content placed and published on the site can be visited, viewed and browsed by visitors without registration and free of charge (without entering a username, password or email address).

Purchases can be made without registration, but the User experience can be improved for a possible future order if the data does not have to be entered repeatedly each time.

6.3 Customer registration

Scope of data processed when registering as a customer:

Last name, First name, username, email address, password.

Without the information listed here, the registration cannot be completed and cannot be validated.

After registration, the registration becomes valid and can be used on the website by clicking on the validation link sent to the registered email address in a confirmation email.

In addition, customers provide/may provide additional information when using the website, for the purpose of using the operator's services and making a purchase:
Billing name, billing address, delivery address, company name, tax number, telephone number

After registration, Users can view their order history, save their shipping details, login details, favourite products, preferred payment methods to facilitate future purchases and improve the user experience.

Registered Buyers, after a successful purchase, can leave reviews on the published products, which will be visible to all visitors and users.

7. Important data processing information, request for data erasure

The duration of data processing always depends on the specific purpose of the user.

The Data Controller shall delete the data, unless otherwise provided by law or the data subject, on the day following the following periods (as the time when the purpose of the processing ceases to exist).

The Data Controller shall delete the data under the data management provided for in Sections 5.2.1, 5.2.3, 5.2.4 on the 730th day after the inactivity of the user concerned, if the conditions set out in the legislation are met (this period shall be extended by the hibernation period initiated by the user in any case), and the user's registered membership shall be terminated in accordance with the contractual terms between the parties.

The processing of data under 5.2.2. will be carried out for the period specified by law (the end of the 8th year following the termination of the contract between the parties).

Data processed in accordance with clauses 5.2.5 to 5.2.6 will be processed by the Data Controller for the period of time specified in clause 10 of this Privacy Statement.

You may request the deletion of your data before the date of your request, provided that you can prove that you are entitled to have the data deleted. The request for erasure may be made in writing, by info@ayurmedic.eu by sending an e-mail to the following address and to WT's postal address.

The way to confirm is by requesting the deletion from the email address that is listed in your registration profile. In the case of a request by post, data controllers will assess individually the presumption of identity of the requesting person and the request for erasure.

If the legal basis for the deletion of the data cannot be demonstrated by the data subject in any of the above ways, a case-by-case and individual assessment may be made - by requesting other identification, such as the exact date of registration (year/month/day) and/or by identifying the IP address - for example, if the data subject can identify the IP address used at the time of registration.

You may request the modification or deletion of your personal data by e-mail, telephone or letter using the contact details provided in this GDPR notice.

8. How the data is stored

As a data subject, you have the right to object to the processing of your personal data, in accordance with the procedure set out in the processing information and this notice and the legislation described in this notice.

The data controller or data processor must ensure the security of the data and must take the technical and organisational measures and establish the procedural rules necessary to enforce the Data Protection Act and other data protection and confidentiality rules. In particular, the data must be protected against unauthorised access, alteration, disclosure or deletion, damage or destruction.

9. Newsletter

We declare that the information and brochures we publish comply fully with the relevant legal provisions. In accordance with Article 6 of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities and the provisions of the Info tv. According to Article 5 (1) a) of the Info Privacy Act, the User may expressly consent in advance to being contacted by WT with advertising offers and other mailings at the contact details provided upon registration and to the processing of his/her personal data for the purpose of sending advertising offers.

Data processed: last name, first name, username, email address,

Legal basis for data processing: the User may unsubscribe from receiving offers and newsletters without any restriction and without giving any reason, free of charge. In this case, all personal data necessary for sending advertising messages will be immediately deleted from the register and the User will not be contacted with further advertising offers.

Users are reminded of the possibility to unsubscribe from the newsletter at the bottom of each newsletter.

Possible data controllers: personal data may be processed by the controller's employees or, in the case of a separate written data processing contract, by subcontractors engaged by the controller, in compliance with the data protection legislation in force at the time.

Data subjects' rights in relation to data processing: the data subject may unsubscribe from the newsletter at any time, free of charge. The data subject may request information from the controller about the processing of his/her personal data, and may request the rectification, erasure or blocking of his/her personal data. The Service Provider as data controller shall provide the information requested by the customer in writing in an intelligible form within the shortest possible period of time from the submission of the request for information, but not later than 30 days. If you have any questions or doubts about the data processed by the Service Provider, or if you wish to obtain clarification about your data, you may do so by sending an e-mail to info@ayurmedic.eu.

The advertiser, the advertising service provider or the publisher of the advertisement shall keep a record of the personal data of the persons who have given their consent within the scope specified in the consent. The data recorded in this register, relating to the recipient of the advertising, may be processed only in accordance with the consent given in the consent form, until it is withdrawn, and may be disclosed to third parties only with the prior consent of the person concerned.

10. Cookies (cookies)

We use "cookies" on our website. These are small files that store information in the visitor's - user's - web browser. This requires your consent when you access the site.

We use the "cookies" in accordance with the provisions of Act C of 2003 on electronic communications, Act CVIII of 2001 on certain aspects of electronic commerce services and information society services, and the European Union.

Analytical or performance cookies:

These help us to distinguish visitors to the website and collect data on how visitors behave on the website. They do not collect information that can identify you, the data is aggregated and stored anonymously (e.g. Google Analytics)

Functional cookies:

These cookies are used to improve the user experience. They detect and store, for example, the device you use to access the website, or information you have previously provided and requested to be stored, such as automatic login, the language you have chosen, or user changes you have made to other customisable elements of the website. These "cookies" do not track your activity on other websites. However, the information they collect may include personally identifiable information that you have shared.

You can delete or disable "cookies" in the browser programs you use. By default, browsers allow cookies to be set. You can disable this in your browser settings and delete existing ones. You can also set the browser to notify the user when a cookie is sent to the device. It is important to stress, however, that disabling or restricting these files will degrade the browsing experience and may also cause errors in the functionality of the website.

The cookies also record the following data to comply with the GTC and to meet legal obligations:

• products viewed
• last activity time.

Cookies used on the site:

11. Data transmission

Our activities in order to provide the functions of the website, the legal basis of which is the consent of the data subject, are governed by the Infotv. Section 5 (1) a) and Section 13/A (3) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.

Az adatkezelés valamennyi felhasználót érint, továbbá a kezelés alá vett adatok körébe tartozik a vezeték- és keresztneve, e-mail címe, telefonszáma.

The processing lasts until the data subject's consent is withdrawn.

TSZ has the right to access the data and may process the personal data as a data processor in compliance with the law.

Az Üzemeltető a szolgáltatás biztosítása céljából igénybe vett, 1. pontban meghatározott adatkezelő részére továbbít.

Az adattovábbítás jogalapja  az Üzemeltető és a Felhasználó közötti szerződés teljesítése, az abból eredő kötelezettségek teljesítésének lehetővé tétele, mint Szolgáltatás teljesítése. Az adatkezelés időtartama az adattovábbítás lebonyolításáig tart.

Other data processors used:

Parties as defined in point 1 of this privacy statement.

Description of the data subjects' rights in relation to data processing: the data subject may request information from the controller about the processing of his or her personal data, and may request the rectification, erasure or blocking of his or her personal data.

We will provide the information requested by the customer in writing and in an intelligible form within the shortest possible time from the date of the request for information, but not later than 30 days.

If you have any questions, doubts or requests for clarification about the data processed, you can do so by sending an e-mail to info@ayurmedic.eu. For a detailed explanation of data subjects' rights and remedies in relation to data processing, please refer to points 3-4-5 of this notice.

The legal basis for the transfer of data is the consent of the User, the Infotv. Section 5 (1) a) of Article 5 and Section 13/A (3) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.

The controller shall design and implement the processing operations in such a way as to ensure the protection of the privacy of the data subjects.

The data controller and the data processor in the scope of their activities shall ensure the security of the data, and shall take the technical and organisational measures and establish the procedural rules necessary to enforce the Info Act and other data protection and confidentiality rules.

In particular, appropriate measures must be taken to protect the data against unauthorised access, alteration, disclosure, disclosure, erasure or destruction, accidental destruction or accidental damage and against inaccessibility resulting from changes in the technology used.

In order to protect the data files managed electronically in the different registers, appropriate technical arrangements should be in place to ensure that data stored in the registers cannot be directly linked and attributed to the data subject, unless permitted by law.

When personal data are processed automatically, the controller and the processor take additional measures to ensure:

• prevent unauthorised data entry;
• preventing the use of automated data processing systems by unauthorised persons using data transmission equipment;
• the verifiability and ascertainability of the bodies to which personal data have been or may be transmitted using data transmission equipment;
• the verifiability and ascertainability of which personal data have been entered into automated data processing systems, when and by whom;
• the recoverability of the installed systems in the event of a failure and the reporting of errors in automated processing.

The controller and the processor should take into account the state of the art when defining and implementing measures to ensure data security. The choice between several possible processing solutions should be made which ensure a higher level of protection of personal data, unless this would impose a disproportionate burden on the controller

12. Community sites

A social networking site is a media tool where the message is spread through social users. Social media uses the Internet and online publishing to enable users to engage with content. A person who fills in a form on the website - or sends a letter to an email address, or a caller on the phone - is not directly or indirectly - automatically - contacted by the social media site of the website.

Social media is the interface of web applications that hosts user-generated content, such as Facebook, Google+, Twitter, Instagram, LinkedIn, Pinterest.

Social media can take the form of public speeches, presentations, demonstrations, product or service launches. On the linked social networking site, visitors are not allowed to create their own posts or content because the data controller does not provide the technical means to do so. However, visitors can comment on published articles, posts with images, video and audio. The moderation of comments is carried out by the data controller. By default, most comments are not displayed (for example, due to the use of a swear filter) and can be approved by the data controller afterwards.

The information published on social media can take the form of forums, blog posts, images, video, audio, message boards, but not email messages.

Stakeholders: users, visitors

It is important to note that when a user creates any personal data in his/her comment, he/she grants the social networking site operator a valid worldwide license to store and use such content. Therefore, it is very important to make sure that the user has the right to disclose the posted information.

13. Copyright

13.1. A weboldal teljes tartalma – beleértve a forráskódot is – szellemi termék, amelynek tulajdonosa WT. A weboldal szöveges, audiovizuális és képi tartalmának – egészben, vagy részben történő másolása – szerzői jogsértésnek minősül.

13.2 By ordering the Service, the User also consents to the Company's use of the copyrighted elements provided by the User (including, in particular, the text of the advertisement, the attached images and videos) without payment of any consideration, to the extent and scope necessary and useful for the provision of the Service, including the right to copy, reproduce, store, publish, distribute and adapt as necessary, and to grant the right to use to third parties without any time or geographical (territorial) limitation. The right of use is exclusive and the Company is entitled to transfer it to third parties. With regard to the foregoing, the User may only transfer material created by him or other material in respect of which he holds the exclusive rights of use.

13.3. Public communication opportunities.

A szolgáltatásaink részét képező nyilvános kommunikációs csatornákat (pl. fórumok) minden felhasználónk saját felelősségére veszi igénybe. A különböző hozzászólások szerzői joga adott felhasználót illeti, ugyanakkor WT-nek joga van azokból korlátozás nélkül idézni, illetve azokat sokszorosítani.

A hozzászólások harmadik fél által csak személyes használatra nyomtathatók, tölthetőek le, illetve terjeszthetők, és kizárólag WT írásbeli hozzájárulásával lehet őket felhasználni.

Please note that different laws apply to comments on public communication channels and public communications. We handle the data that can be used to reach individual users of our communication services with the utmost care, in strict confidence, without any unauthorised access and, apart from the exceptions provided for by law, without any disclosure to third parties.

13.4. Links.

Our services may contain a number of links to other providers' sites. The Data Controller is not responsible for the privacy and information practices of these service providers.

14. Proper use

The site's data controllers and processors reserve the right to exclude visitors based on their IP address and/or telephone number and/or e-mail address in the event of improper use of the site (for example, but not limited to, DDOS attempts, phishing, or attempts to access the site's administration or other non-public areas), aggressive, abusive, profane or other community-disruptive conduct, or misuse of the site's name. In cases deemed to be more serious, the owner will take the necessary legal action.

15. Warranty, guarantee, abuse, complaint handling

The payment system on the site - all financial and moral responsibility rests with the person who initiates, attempts to initiate or completes the transaction. The operators and data controllers and processors of the website do not assume any financial responsibility for transactions initiated or completed by other means that fall into the hands of unauthorised persons. Nor are they responsible for any charges resulting from incorrect transactions.

16. Google Analytics

ayurmedic.eu uses Google Analytics. This activity is linked to the GA Privacy Statement.

https://policies.google.com/privacy?hl=hu

17. Final provisions

The data you provide is stored on a server operated by the hosting provider. In addition to the owner and operator, only our staff and the staff who maintain the server have access to the data, but they are all responsible for the secure handling of the data.

Activity description: hosting service, server service.

The purpose of the processing: to ensure the functioning of the website.

Data processed: personal data provided by the data subject.

The legal basis for processing is the consent of the data subject or processing based on law.

If you find an error or omission in this privacy notice, please notify us immediately. Our staff will make every effort to deal with the slightest user or visitor conflict promptly and, if necessary, to supplement or amend this Privacy Policy.

Rights in relation to data processing

The right to request information

You may request information from us, via the contact details provided, about what data our company processes, on what legal basis, for what purpose, from what source and for how long. Upon your request, we will send you information without delay, but within 30 days at the latest, to the e-mail address you have provided.

The right to rectification

You can ask us to change any of your details using the contact details provided. Upon your request, we will promptly, but within 30 days at the latest, inform you of this by e-mail to the e-mail address you have provided.

The right to erasure

You can ask us to delete your data using the contact details provided. Upon your request, we will do so without delay, but within 30 days at the latest, by sending you an e-mail to the e-mail address you have provided.

The right to blocking

You can ask us to block your data using the contact details provided. The blocking will last as long as the reason you have given us makes it necessary to store the data. Upon your request, we will do so without delay, but within a maximum of 30 days, by sending you an e-mail to the e-mail address you have provided.

The right to protest

You may object to the processing of your data by using the contact details provided. We will examine the objection within the shortest possible time from the date of the request, but no later than 15 days, decide whether it is justified and inform you of our decision by e-mail.

Enforcement possibilities in relation to data processing

If you experience unlawful processing, please notify us so that we can restore the lawful status within a short period of time. The We will do our best to solve the problem you have described.

If you consider that the lawful status cannot be restored, please notify the authority using the following contact details:

National Authority for Data Protection and Freedom of Information

Postal address: 1530 Budapest, Pf.: 5.

Address: 1055 Budapest, Falk Miksa u. 9-11.
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat (at) naih.hu
URL https://naih.hu
Coordinates: É 47° 30′ 56″; K 18° 59′ 57″

Legislation on which the processing is based

• REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation).
• Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information.
• Act LXVI of 1995 on public records, public archives and the protection of private archival material.
• Government Decree 335/2005 (XII. 29.) on the general requirements of document management by public bodies.
• Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.
• Act C of 2003 on electronic communications.

The service provider intends to fully comply with the legal requirements for the processing of personal data, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council.

This Privacy Notice has been prepared pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of personal data of natural persons and on the free movement of such data, taking into account the content of Act CXII of 2011 on the right to information self-determination and freedom of information.

17 July 2023.