1. Data controllers / data processors
Data controller, data processor, operator - Website owner
hereinafter, WT
Name / company name: |
Network Line Ltd. |
Seat: |
Hova House 1 Hova Villas Brighton and Hove BN3 3DH UK, England and Wales |
Tax number: |
449 5870 44 |
Telephone: |
+36 30 171 6699 |
E-mail: |
info@ayurmedic.eu |
Website name, address: |
ayurmedic.eu |
Contact details of the privacy notice: |
ayurmedic.eu/administration-tajekoztato |
Name of service provider, data controller
hereinafter, TSZ
Depository: |
The server park operating in the European Union |
Name / company name: |
Servergarden Ltd. |
Seat: |
1139 Budapest, Váci út 99-105. |
Company registration number: |
01-09-350297 |
E-mail: |
info@servergarden.hu |
Website name, address: |
servergarden.hu |
Contact details of the privacy notice: |
https://www.servergarden.hu/adatkezelesi-tajekoztato |
Google Analytics
hereinafter referred to as GA
Name / company name: |
Google Ireland Ltd. |
Seat: |
Gordon House, Barrow Street, D04 E5W5, Dublin |
Mailing address: |
Gordon House, Barrow Street, D04 E5W5, Dublin |
E-mail: |
googleirelandlobbyingreturn-external@google.com |
Telephone: |
01 5431000 |
Other data controller, data processor - Google
Name / company name: |
Google LLC |
Seat: |
1600 Amphitheatre Parkway, Mountain View, CA 94043 Unites States |
Reason for processing: |
Requesting information and statistics about website visits, sharing files related to IT operations, development and technical background. |
Data processing activities: |
Collecting anonymous visitor statistics, operating a file-sharing system |
Those affected: |
All visitors, active users |
In case of payment by bank transfer, data processor, data controller
Name / company name: |
K&H Bank |
Seat: |
1095 Budapest, Lechner Ödön fasor 9. |
Mailing address: |
1138 Budapest, Népfürdő u. 24-26. |
E-mail: |
bank@kh.hu |
Telephone: |
+36 1 335 3355 |
Reason for processing: |
Processing a transfer payment |
Those affected: |
User choosing a transfer payment method |
Other data processors used
Name / company name: |
Griff Consulting |
Seat: |
Hova House 1, Hova Villas, Brighton & Hove, BN3 3DH, UK |
Company registration number: |
08381240 |
Tax number: |
96290 18518 |
Institute of Certified Bookkeepers membership number: |
352191 |
Reason for processing: |
Accounting services |
Those affected: |
All customers using the service / buying the product. |
Name / company name: |
Viola 30 Ltd. |
Seat: |
8600 Siófok, Kende utca 2. |
Tax number: |
23984842-2-14 |
Phone number: |
+36 84 330 754; +36 20 261 7447 |
Email: |
info@calendula.hu |
Reason for processing: |
Provision of services |
Those affected: |
All customers using the service / buying the product. |
Name / company name: |
Calendula Bt. |
Seat: |
8600 Siófok, Viola utca 34. |
Mailing address: |
8600 Siófok, Kende utca 2. |
Tax number: |
28253204-1-41 |
Email: |
info@calendula.hu |
Reason for processing: |
Provision of services |
Those affected: |
All customers using the service / buying the product. |
2. Definitions
- GDPR (General Data Protection Regulation) is the European Union (European Parliament and Council) Data Protection Regulation 2016/679;
- Data management: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- Data processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
- Personal data: any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- Special data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data or biometric data revealing the identity of natural persons, health data and personal data concerning the sex life or sexual orientation of natural persons;
- Data Controller: a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the controller's designation may also be determined by Union or Member State law;
- Consent of the data subject: a freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she signifies, by a statement or by an act expressing his or her unambiguous consent, that he or she gives his or her consent to the processing of personal data concerning him or her;
- Data transmission: if the data is made available to a specified third party;
- Disclosure: if the data is made available to anyone;
- Data deletion: data rendered unrecognisable in such a way that it cannot be recovered; automated dataset: a set of data that is processed automatically;
- Machine processing: includes the following operations, if they are carried out in whole or in part by automated means: storage of data, logical or arithmetical operations on data, alteration, deletion, retrieval and dissemination of data.
- Data protection incident: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
- Third party: a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data.
- Visitor: visitors of the ayurmedic.eu website.
- User: a Registered members of the website.
- Customer / Buyervisitors to the website who attempt to use a service or purchase a product.
- Powered by: operates a webshop for Users and Visitors through the aforementioned ayurmedic.eu website for dietary supplement products made from medicinal plants.
The content placed and published on the site can be visited, viewed and browsed by visitors without registration (without providing a username, password, email address, telephone, shipping and billing address).
3. Guidelines for data management and processing
3.1 The data controller(s) and processor(s) declare that they will process personal data in accordance with the provisions of the Privacy Notice and will comply with the applicable law, in particular with regard to:
3.1.1.1 The Data Controller undertakes to publish a clear, prominent and unambiguous notice (privacy notice) informing its users and visitors of the manner, purpose and principles of data collection, before any data of its users and visitors are collected, recorded or processed.
A the processing of personal data must be lawful, fair and transparent for the data subject.
3.1.2 In addition, the Data Controller draws the user's attention to the voluntary nature of the data provision.
In all cases where the Data Controller requests personal data from its Visitors and Users, they are free to decide whether or not to provide the requested information after reading and understanding the required information text. However, if a person does not provide personal data, he or she may not be able to use the service from the Operator that requires the provision of personal data.
3.1.3 The data subject must be informed of the purposes of the processing and of who will process the data. The personal data shall be collected only for specified, explicit and legitimate purposes and shall not be processed by the Controller in a way incompatible with those purposes; further processing for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes shall not be considered incompatible with the original purposes ("purpose limitation");
3.1.4 In all cases where the Data Controller intends to use the data provided for purposes other than those for which they were originally collected, the Data Controller shall inform the User thereof and obtain his or her prior explicit consent or provide the User with the possibility to prohibit such use.
3.1.5 The purposes for which the personal data are processed must be adequate, relevant and limited to what is necessary.
3.1.6 Personal data must be accurate and up-to-date. Inaccurate personal data must be deleted without delay.
3.1.7 Personal data must be stored in a form which permits identification of data subjects for no longer than is necessary. Personal data may be stored for longer periods only if the storage is for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes.
3.1.8 Personal data must be processed in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by using appropriate technical or organisational measures.
The Data Controller undertakes to ensure the security of the data, to take technical and organisational measures and to establish procedural rules to ensure that the data recorded, stored or processed are protected and to prevent their destruction, unauthorised use or unauthorised alteration. It also undertakes to require any third party to whom it may transmit or transfer the data to fulfil its obligations in this respect.
3.1.9. Information about processing shall also be provided where the law provides for the inclusion of data by transmission or interconnection from existing processing.
3.1.10. The principles of data protection shall apply to all information relating to an identified or identifiable natural person.
3.1.11. The Data Controller shall in all cases comply with the restrictions laid down in the Principles when collecting, recording and processing data and shall inform the data subject of its activities by electronic mail, as requested by the data subject. The Data Controller undertakes not to impose any sanctions on a user who refuses to provide the optional data.
3.1.12. Personally identifiable data and information means personal data relating to natural persons which make it possible to identify them personally, to establish a communication link with them or to determine their physical location, including but not limited to their name, address, postal address, telephone number, e-mail address.
3.1.13. Anonymous information that is collected in a way that excludes personal identifiability and cannot be linked to a natural person, and demographic data that is collected in a way that does not link it to the personal data of identifiable persons and thus cannot be linked to a natural person, is not personal data.
3.1.14.
This Privacy Statement is about the protection of personal data of visitors, registered users not intended for public disclosure, but made available to the Data Controller, Operator. If a person voluntarily discloses some or all of his/her personal information, such information is not covered by this Privacy Policy.
3.1.15. In all cases, we will indicate which data we ask you to provide on a "mandatory" basis during registration, for what purposes and under what conditions. The term "mandatory" in this case does not refer to the mandatory nature of the data collection, but to the fact that there are some records without which the registration cannot be completed successfully, so that leaving certain fields blank or filling them in incorrectly may lead to the rejection of the registration.
3.1.16. Personal data provided by Visitors and Users will not be disclosed to third parties under any circumstances unless authorised.
However, if the Data Controller is requested by the competent authorities to provide personal data in the manner required by law (e.g. in case of suspicion of a criminal offence, official data seizure order), we will provide the requested and available information in compliance with our legal obligation.
Where our Users provide us with personal data, we will take all necessary steps to ensure the security of such data - both during network communication (i.e. online processing) and during storage and retention (i.e. offline processing).
3.1.17. In this way, as Data Controller, we ensure that Users' personal data is kept up to date, accurate and timely.
3.1.18. If any User requests that we delete their personal data from our own system (subject, of course, in certain cases, to the condition that they are no longer able to use the service to which they belonged or in a way that they cannot use it), we will do so without delay.
3.1.19.
4. Additional safeguards to protect the data subject
In the following sections, we draw your attention to the rights of all data subjects.
4.1 The data subject has the right to be informed about his/her data and the processing (data subject's right of access).
4.2 The data subject shall have the right to obtain, at his or her direct request, the restriction of processing by the Controller, where any of the grounds listed herein apply:
4.2.1. the data subject contests the accuracy of his or her personal data, in which case the restriction shall apply for the period of time necessary to allow the Controller to verify the accuracy of the personal data;
4.2.2. the processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;
4.2.3. where the controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims;
4.2.4. the data subject has legitimately objected to the processing; in this case, the restriction shall apply for a period of time until it is established whether the legitimate grounds of the controller override the legitimate grounds of the data subject.
4.3 The data subject shall have the right to obtain information about the automated filing of personal data, its main purposes and the identity, residence or registered office of the controller.
4.4 The data subject has the right to be informed, at reasonable intervals and without excessive delay or expense, whether or not personal data relating to him or her are being kept in an automated filing system and to be provided with information about those data in a form which he or she understands.
4.5 The data subject shall have the right to obtain, where justified, the rectification or erasure of such data without undue delay (right to be forgotten). The Controller shall inform all recipients to whom or with which the personal data have been disclosed of any rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. Upon request, the Controller shall inform the data subject of these recipients.
4.6 The data subject shall have the right to obtain, in the course of processing based on consent, in the case of automated processing, the information concerning him or her which he or she has provided to Calendula Pharma Co. Ltd. in a structured, commonly used, machine-readable format, and to receive the personal data provided by him or her to Calendula Pharma Co. Ltd. to transfer these data to another controller. The exercise of this right shall not infringe the right to be forgotten and shall not adversely affect the rights and freedoms of others.
4.7 The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of his or her personal data based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions;
4.8 The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, except in the circumstances set out in Article 22 of the GDPR (automated decision-making);
4.9 The data subject shall have the right to a judicial remedy if his or her request for information or, in justified cases, for notification, rectification or erasure, as provided for by law, is not complied with. At the request of the data subject, the Controller shall provide information on the data processed by the Controller or by a processor to whom the Controller has delegated the processing, the purposes, legal basis and duration of the processing, the name, address (registered office) and activities of the processor in relation to the processing, as well as the persons to whom and the purposes for which the data are or have been disclosed. The data controller shall provide the information in writing in an intelligible form within the shortest possible time from the date of the request, but not later than 30 days. The data subject may, in the event of a breach of his or her rights, bring an action against the Controller before the courts. The Controller shall compensate any damage caused to another person by unlawful processing of the data of the data subject or by a breach of the requirements of technical data protection.
The Data Controller shall also be liable to the data subject for damage caused by another Data Processor employed by the Data Controller. The Data Controller shall be exempted from liability if it proves that the damage was caused by an unavoidable cause outside the scope of the processing. No compensation shall be payable in so far as the damage resulted from the intentional or grossly negligent conduct of the person who suffered it.
5. The data processed and their legal basis
5.1. Legal basis of the data processed
The provisions on data management and the protection of the personal data of Visitors apply only to natural persons, given that personal data can also be understood only in relation to natural persons (pursuant to Act CXII of 2011 on the right to information self-determination and freedom of information), therefore this privacy policy is binding only in relation to the processing of personal data of natural persons who register on the website.
5.1.1 The legal basis for the processing of data under 5.2.1 is the consent of the data subjects and the legitimate interest of the Data Controller in the performance of the contract between the data subject and the Data Controller (Article 6(1)(b) GDPR).
5.1.2. The data subjects give their consent during the registration process by ticking a checkbox for each processing purpose and by subsequently providing their personal data (e.g. username, password, email address, telephone number, delivery and billing address).
5.1.3.
5.1.4 The legal basis for the processing of the data under points 5.2.5. and 5.2.6. is the legitimate interest of the Controller in the performance of the contract between the data subject and the Controller (Article 6(1)(b) GDPR).
The users of the Website accept the functioning of cookies by clicking on the "Login" button when accessing and logging in to the Website, both as a visitor and as a registered user. In case of acceptance of the use of cookies, the information and consent shall also apply to the use of the Website in subsequent connections to the user's device.
5.2. Scope of data processed and purpose of data processing
Personal data may be processed only for specified purposes, for the exercise of rights and the performance of obligations. The processing must comply with this purpose at all stages. Only personal data which is necessary for the purpose of the processing, is adequate for the purpose, and is processed only to the extent and for the duration necessary for the purposes of the processing.
5.2.1 Purpose of processing: to provide the services of the webshop, to fulfil the contractual rights and obligations related thereto.
Data processed: first name, surname, e-mail address, password*, telephone number, delivery address
In addition, to ensure the quality of the service, to comply with the GTC and for the legitimate interest of the service provider, we also process the following data:
Customer service correspondence, call data (call number, time of call, duration) and log files of the use of the functions provided by the system.
*The password of the user's choice, which is entered into the database in encrypted format in accordance with the technical and legal requirements of the present day. Passwords are not accessible to data controllers in unencrypted form."
5.2.2. Purpose of data processing: to fulfil statutory tax and accounting obligations (accounting, taxation).
Data processed: personal data as defined by law, in particular billing name, company name, tax number, billing address, e-mail address, payment details.
5.2.3 Purpose of processing: use for marketing purposes, sending newsletters (commercial offers), use for direct marketing purposes.
Data processed: name, e-mail address, telephone number
5.2.4.
Data processed: data indicated in point 5.2.1.
5.2.5.
These logging parameters - automatically recorded - may be the following - depending on what the website's program code is able to identify for a given visitor:
- Time of access, time spent on the website, activity performed during this time, time of exit
- Visitor's browser type, resolution, language, operating system, type of computing device
- Visitor IP address
The purpose of processing this data is to ensure quality and to provide WT with statistics for the website. The duration of this processing is 365 days - unless the visitor requests otherwise, by indicating his/her request for deletion at one of the WT contact details provided in this information.
5.2.6 Cookie: cookies are information automatically logged by the WT's servers. The following cookies are used by the Fund Manager:
(a) Session cookies.
(b) Functional cookies
The purposes, legal basis, duration and other information about cookies are set out in section 10 of this Privacy Policy.
5.3. Automated decision-making
The Data Controller uses automated decision-making (profiling) to develop discount offers as described below.
We offer discount offers based on the registration data, the time since the previous purchase and the user's activity on the Website.
6. How the website works
6.1. Acceptance of cookies and data management
The ayurmedic.eu website is an online webshop website for the purchase of herbal dietary supplement products. Visitors to the website are greeted by a pop-up window in the footer, in which both the cookies used by the site and the acceptance of this Privacy Policy are mandatory. If the visitor/user wishes to place an order or subscribe to a newsletter, he/she will not be able to proceed further in the process until he/she accepts this Privacy Policy.
The Service is free of charge to registered or unregistered users who view and browse the site, and charges are only incurred when purchasing the product(s).
Payment for products can be made by bank transfer, credit card payment, paypal and cash on delivery.
6.2. Registration
The content placed and published on the site can be visited, viewed and browsed by visitors without registration and free of charge (without entering a username, password or email address).
Purchases can be made without registration, but the User experience may be improved in case of a possible future order if the data do not have to be entered repeatedly each time.
6.3 Customer registration
Scope of data processed when registering as a customer:
Last name, First name, username, email address, password.
Without the data listed here, the registration cannot be completed and validated.
After registration, the registration becomes valid and usable on the website by clicking on the validation link sent to the registered email address in a confirmation email within the service provided by the Operator.
In addition, customers provide/may provide additional data when using the website, for the purpose of using the Operator's service and making a purchase:
Billing name, billing address, delivery address, company name, tax number, telephone number
After registration, Users can view their order history, save their shipping details, login details, favourite products, preferred payment methods to facilitate future purchases and improve the user experience.
Registered Buyers, after a successful purchase, can leave reviews on the published products, which will be visible to all visitors and users alike after the review has been left.
7. Important data processing information, request for data erasure
The duration of data processing always depends on the specific purpose of the user.
The Data Controller shall delete the data, unless otherwise provided by law or the data subject, the day following the expiry of the following periods (as the time when the purpose of the processing ceases to exist).
The Data Controller shall delete the data pursuant to the processing under clauses 5.2.1, 5.2.3, 5.2.4 on the 730th day after the inactivity of the User concerned, if the conditions for such inactivity set out in the legislation are met (this period being extended by the hibernation period initiated by the User in any case), and the User's registered membership shall cease in accordance with the contractual terms between the parties.
The data processing under clause 5.2.2 will be processed for the period specified by law (the end of the 8th year following the termination of the contract between the parties).
The Data Controller shall process the data subject to the processing under clauses 5.2.5 to 5.2.6 for the period of time specified in clause 10 of this Privacy Statement.
You may request the deletion of the data before that time, provided that you can prove that you are entitled to have the data deleted. The request for erasure may be made in writing to
info@ayurmedic.eu by sending an e-mail to the following address and to WT's postal address.
Confirmation can be obtained by requesting the cancellation from the email address provided in your registration profile. In the case of a request by post, the data controllers will assess individually the presumption of identity of the person requesting the deletion and the request for deletion.
If the legal basis for the deletion of data cannot be demonstrated by the data subject in any of the above ways, a case-by-case and individual assessment may be made by requesting other identification, such as the exact date of registration (year/month/day) and/or the IP address, for example if the data subject can provide the IP address used at the time of registration.
The modification or deletion of personal data can be initiated by e-mail, telephone or letter using the contact details provided in this GDPR notice.
8. How the data is stored
As a data subject, you have the right to object to the processing of your personal data, in accordance with the procedure set out in the processing information and this notice and the legislation described in this notice.
The data controller or processor is obliged to ensure the security of the data and to take the technical and organisational measures and establish the procedural rules necessary to enforce the Data Protection Act and other data protection and confidentiality rules. In particular, the data must be protected against unauthorised access, alteration, disclosure or deletion, damage or destruction.
9. Newsletter
We declare that the information and brochures we publish comply fully with the relevant legal provisions. In accordance with Article 6 of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities and the provisions of the Info tv. According to Article 5 (1) a) of the Info Privacy Act, the User may expressly consent in advance to being contacted by WT with advertising offers and other mailings at the contact details provided upon registration and to the processing of his/her personal data for the purpose of sending advertising offers.
Data processed,
Legal basis for processing. In this case, all personal data necessary for sending advertising messages will be immediately deleted from the register and the User will not be contacted with further advertising offers.
The possibility of unsubscribing from the newsletter will be pointed out to the Users at the bottom of each newsletter.
Possible data controllers.
Data subjects' rights in relation to data processing. The data subject may request information from the controller on the processing of his/her personal data, and may request the rectification, erasure or blocking of his/her personal data. The Service Provider, as the data controller, shall provide the information requested by the customer in writing and in an intelligible form within the shortest possible period of time from the date of the request for information, but not later than 30 days. If you have any questions or doubts about the data processed by the Service Provider, or if you wish to obtain clarification about your data, you may do so by sending an e-mail to info@ayurmedic.eu.
The advertiser, the advertising service provider or the publisher of the advertisement shall keep a record of the personal data of the persons who have given their consent, within the scope specified in the consent. The data recorded in this register, relating to the recipient of the advertising, may be processed only in accordance with the consent given in the consent form, until it is withdrawn, and may be disclosed to third parties only with the prior consent of the person concerned.
10. Cookies (cookies)
We use "cookies" on our website. These are small files that store information in the visitor's - user's - web browser. This requires your consent when you access the site.
We use cookies in accordance with the provisions of Act C of 2003 on electronic communications, Act CVIII of 2001 on certain aspects of electronic commerce services and information society services, and the European Union.
Analytical or performance cookies:
These help us to distinguish visitors to the website and collect data on how visitors behave on the website. They do not collect information that can identify you, the data is aggregated and stored anonymously (e.g. Google Analytics)
Functional cookies:
These cookies are used to improve the user experience. They detect and store, for example, the device you use to access the website, or information you have previously provided and requested to be stored, such as automatic login, the language you have chosen, or user changes you have made to other customisable elements of the website. These "cookies" do not track your activity on other websites. However, the information they collect may include personally identifiable information that you have shared.
You can delete or disable "cookies" in the browser programs you use. By default, browsers allow cookies to be set. You can disable this in your browser settings and delete existing ones. You can also set the browser to notify the user when a cookie is sent to the device. It is important to stress, however, that disabling or restricting these files will degrade the browsing experience and may also cause errors in the functionality of the website.
The cookies also record the following data to comply with the GTC and to meet legal obligations:
- products viewed
- last activity time.
Cookies used on the site:
Cookie |
Source from |
Validity |
Function, description |
_ga |
Google Analytics |
2 years |
Used to distinguish visitors. |
_gid |
Google Analytics |
24 hours |
Used to distinguish visitors. |
_gat_gtag_ [property_id] |
Google Analytics |
Expires immediately |
Used to analyse visitors' browsing habits, data streams, sources and other information |
_utma |
Google Analytics |
2 years |
Preparation of visitor statistics. |
_utmb |
Google Analytics |
session time |
Preparation of visitor statistics. |
_utmc |
Google Analytics |
session time |
Preparation of visitor statistics. |
_utmt |
Google Analytics |
session time |
Preparation of visitor statistics. |
_utmz |
Google Analytics |
6 months |
Preparation of visitor statistics. |
_ga |
Google Analytics |
2 years |
Preparation of visitor statistics. |
_gat |
Google Analytics |
session time |
Preparation of visitor statistics. |
_gid |
Google Analytics |
1 day |
Preparation of visitor statistics. |
11. Data transmission
Our activities in order to provide the functions of the website, the legal basis of which is the consent of the data subject, are governed by the Infotv. Section 5 (1) a) and Section 13/A (3) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.
The data processing concerns all users, and the data processed include the password, first and last name of the contact person, e-mail address, telephone number, delivery address and name, billing name and address, company name, tax number, payment method, comment, date of registration, IP address at the time of registration.
The processing lasts until the data subject's consent is withdrawn.
TSZ has the right to access the data, process personal data as a data processor in compliance with the law.
The Operator shall transmit the User's e-mail address, billing address and telephone number to the payment service provider(s) as defined in point 1 used for the payment of the product(s) as a separate data controller in accordance with the provisions of Directive (EU) 2015/2366 of the European Parliament and of the Council (Payment Services Directive - PSD2) and Act LXXXV of 2009 on the provision of payment services.
The scope of the data transmitted to the payment service provider is set by the card company's specifications based on the EMV (Europay-MasterCard-Visa) standard, which is designed to enable even more secure customer authentication.
For the provision of the payment service, Erste Bank Zrt. and Paypal and Paypro, as online payment service providers, are considered as data controllers and not as data processors used by the Operator, on the basis of which they carry out the processing on the basis of their own data processing policies and under their own responsibility. The privacy notices governing the data processing of Erste Bank Zrt. and Paypal, Paypro are available at the following links:
https://www.erstebank.hu/hu/adatkezelesi
https://www.paypal.com/webapps/mpp/ua/privacy-full
https://docs.payproglobal.com/documents/legal/privacyPolicy.pdf
The purpose of the transfer is to ensure that the payment service provider is able to process payment transactions in accordance with the provisions of the above legislation. The above data shall be made available to the payment service provider exclusively for validation purposes on the issuing bank's side. The acquiring bank merely transmits the necessary data and does not use or store them in any form.
The legal basis for the transmission of the data is the performance of the contract between the Operator and the User in relation to the products ordered, to enable the fulfilment of the obligations arising therefrom, such as ensuring payment of the price of the product(s) by using the online payment service, the Operator's involvement in the payment process as a Service and the enforcement of the claim relating thereto. The duration of data processing lasts until the data transfer is completed.
Other data processors used:
Parties as defined in point 1 of this privacy statement.
The data subject may request information from the controller about the processing of his or her personal data and may request the rectification, erasure or blocking of his or her personal data.
We will provide the information requested by the data subject in writing and in an intelligible form as soon as possible after the request for information, but not later than 30 days after the request.
If you have any questions, doubts or requests for clarification regarding the data processed, you can do so by sending an e-mail to info@ayurmedic.eu. For a detailed explanation of data subjects' rights and remedies in relation to data processing, please refer to points 3-4-5 of this notice.
The legal basis for the transfer of data is the consent of the User, in accordance with the provisions of the Infotv. 5 (1) a) of Article 5, and Article 13/A (3) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.
The controller shall design and implement data processing operations in such a way as to ensure the protection of the privacy of data subjects.
The data controller and the data processor shall ensure the security of the data and shall take the technical and organisational measures and establish the procedural rules necessary to enforce the Info Act and other data protection and confidentiality rules.
In particular, data must be protected by appropriate measures against unauthorised access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction or damage and against inaccessibility due to changes in the technology used.
In order to protect the data files managed electronically in the different registers, appropriate technical arrangements should be in place to ensure that data stored in the registers cannot be directly linked and attributed to the data subject, except where permitted by law.
When personal data are processed by automated means, the controller and the processor should take additional measures to ensure that:
- prevent unauthorised data entry;
- preventing the use of automated data processing systems by unauthorised persons using data transmission equipment;
- the verifiability and ascertainability of the bodies to which personal data have been or may be transmitted using data transmission equipment;
- the verifiability and ascertainability of which personal data have been entered into automated data processing systems, when and by whom;
- the recoverability of the installed systems in the event of a failure and the reporting of errors in automated processing.
The controller and the processor should take into account the state of the art when defining and implementing measures to ensure data security. The choice between several possible processing solutions should be made which ensure a higher level of protection of personal data, unless this would impose a disproportionate burden on the controller
12. Community sites
A social networking site is a media tool where the message is spread through social users. Social media uses the Internet and online publishing to enable users to engage with content. A person who fills in a form on the website - or sends a letter to an email address, or a caller on the phone - is not directly or indirectly - automatically - contacted by the social media site of the website.
Social media is the interface of web applications that hosts user-generated content, such as Facebook, Google+, Twitter, Instagram, LinkedIn, Pinterest.
Social media can take the form of public speeches, presentations, demonstrations, product or service launches. On the linked social media site, visitors are not allowed to create a separate post or content because the controller does not provide the technical possibility to do so. However, visitors can comment on published articles, posts with images, video and audio. The moderation of comments is carried out by the data controller. By default, most comments are not displayed (for example, due to the use of a swear filter) and can be approved by the data controller afterwards.
The information published on social media can take the form of forums, blog posts, images, video, audio, message boards, but not email messages.
The data subjects are Users, Visitors.
It is important to note that when a user creates any personal data in his/her comment, he/she grants the social networking site operator a valid worldwide permission to store and use such content. Therefore, it is very important to make sure that the user has the right to disclose the information posted.
13. Copyright
13.1 The entire content of this website, including the source code, is the intellectual property of Calendula Pharma Co. Any reproduction of the textual, audiovisual and visual content of the website, in whole or in part, constitutes an infringement of copyright.
13.2 By ordering the Service, the User agrees that the Company may use the copyrighted elements provided by the User (in particular the text of the advertisement, the attached images and videos) without payment of any consideration, to the extent and within the scope necessary and useful for the provision of the Service, including the right to copy, reproduce, store, publish, distribute and adapt as necessary, and to grant the right to use to third parties, without any time or geographical (territorial) limitation. The right of use is exclusive and the Company is entitled to transfer it to third parties. With regard to the foregoing, the User may only transfer material created by him or other material in respect of which he holds the exclusive rights of use.
13.3 Public communication facilities.
Any public communication channels (e.g. forums) that are part of our services are used by all users at their own risk. The copyright of the various postings belongs to the respective user, however, Calendula Pharma Co. Ltd. has the right to quote and reproduce them without restriction.
Comments may be printed, downloaded or distributed by third parties for personal use only and may not be used by anyone other than Calendula Pharma Co. Ltd. may only be used, distributed or reproduced in whole or in part with the written consent of Calend Pharma Pharma Pharma Ltd.
Users should note that various laws applicable to posts on public communication channels and public communications are applicable. The data that can be used to reach users individually using our communication services will be treated with the utmost care and confidentiality, will not be accessible to unauthorised persons and will not be disclosed to third parties, except as required by law.
13.4 Links.
Our Services may contain a number of links to other providers' sites. The Data Controller is not responsible for the data and information protection practices of these service providers.
14. Proper use
The site's data controllers and processors reserve the right to exclude visitors based on their IP address and/or telephone number and/or e-mail address in the event of improper use of the site (for example, but not limited to, DDOS attempts, phishing, or attempts to access the site's administration or other non-public areas), aggressive, abusive, profane or other community-disruptive conduct, or misuse of the site's name. In cases deemed to be more serious, the owner will take the necessary legal action.
15. Warranty, guarantee, abuse, complaint handling
The payment system on the site - all financial and moral responsibility rests with the person who initiates, attempts to initiate or completes the transaction. The operators and data controllers and processors of the website do not assume any financial responsibility for transactions initiated or completed by other means that fall into the hands of unauthorised persons. Nor are they responsible for any charges resulting from incorrect transactions.
16. Google Analytics
ayurmedic.eu uses Google Analytics. This activity is linked to the GA Privacy Statement.
https://policies.google.com/privacy?hl=hu
17. Final provisions
The data you provide is stored on a server operated by the hosting provider. In addition to the owner and operator, only our staff and the staff who maintain the server have access to the data, but they are all responsible for the secure handling of the data.
The name of the activity is: hosting service, server service.
Purpose of data processing: to ensure the functioning of the website.
Data processed: personal data provided by the data subject.
The legal basis for processing is the consent of the data subject or processing based on law.
If you find an error or omission in this privacy notice, please notify us immediately. Our staff will make every effort to deal with the slightest user or visitor conflict promptly and, if necessary, to supplement or amend this Privacy Policy.
Rights in relation to data processing
The right to request information
You may request information from us, via the contact details provided, about what data our company processes, on what legal basis, for what purpose, from what source and for how long. Upon your request, we will send you information without delay, but within 30 days at the latest, to the e-mail address you have provided.
The right to rectification
You can ask us to change any of your details using the contact details provided. Upon your request, we will promptly, but within 30 days at the latest, inform you of this by e-mail to the e-mail address you have provided.
The right to erasure
You can ask us to delete your data using the contact details provided. Upon your request, we will do so without delay, but within 30 days at the latest, by sending you an e-mail to the e-mail address you have provided.
The right to blocking
You can ask us to block your data using the contact details provided. The blocking will last as long as the reason you have given us makes it necessary to store the data. Upon your request, we will do so without delay, but within a maximum of 30 days, by sending you an e-mail to the e-mail address you have provided.
The right to protest
You may object to the processing of your data by using the contact details provided. We will examine the objection within the shortest possible time from the date of the request, but no later than 15 days, decide whether it is justified and inform you of our decision by e-mail.
Enforcement possibilities in relation to data processing
If you experience unlawful processing, please notify us so that we can restore the lawful status within a short period of time. The
We will do our best to solve the problem you have described.
If you consider that the lawful status cannot be restored, please notify the authority using the following contact details:
National Authority for Data Protection and Freedom of Information
1530 Budapest, PO Box 5.
Address.
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat (at) naih.hu
URL https://naih.hu
Coordinates: E 47° 30′ 56″; E 18° 59′ 57″
Legislation on which the processing is based
- REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation).
- Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information.
- Act LXVI of 1995 on public records, public archives and the protection of private archival material.
- Government Decree 335/2005 (XII. 29.) on the general requirements of document management by public bodies.
- Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.
- Act C of 2003 on electronic communications.
The service provider intends to fully comply with the legal requirements for the processing of personal data, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council.
This Privacy Notice has been prepared pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of personal data of natural persons and on the free movement of such data, taking into account the content of Act CXII of 2011 on the right to information self-determination and freedom of information.
17 July 2023.