1. OBJECTIVE OF THE REGULATIONS
The objective of these Regulations is to set out the data protection and data management principles applied by RE-GUARD Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság (registered seat: H-2089 Telki, Tücsök utca 16.; corporate registry number: Metropolitan Court of Budapest Cg. 13-09-091185; tax number: 12839470-2-13)and the data protection and data management policy of the Company.
In the course of operating the www.regolymedical.hu website (hereinafter: Website), RE-GUARD Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság (hereinafter: Service Provider) processes the data of visitors to the Website, those registering to the Website, and partners placing their orders through it (hereinafter jointly: Data Subjects).
2. NAME OF THE SERVICE PROVIDER AS DATA PROCESSOR
Name: Re-Guard Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság
Registered seat and mailing address: H-2089 Telki, Tücsök utca 16.
Phone number: +36 26 789 141
E-mail address: firstname.lastname@example.org
3. SCOPE OF THE DATA PROCESSED
3.1. Registration. In the course of registration, Data Subjects are required to specify the following as compulsory data:
- User name,
- e-mail address,
- invoicing address (name, street name and number, city, zip code, tax number),
- delivery address (name, street name and number, city, zip code),
- phone number, contact person
3.2. Technical data
Technically recorded data in the course of system operation:the data of the computer of the Data Subject logging in that are generated in the course of using the service and are recorded by the Service Provider’s system as an automatic result of technical processes. Data recorded automatically are logged automatically by the system at both login and logout, without any special declaration or act by the Data Subject. Such data may not be associated with other personal user data –except for cases made compulsory by law.Only the Service Provider has access to such data.
In order for the Website to function most effectively, the Service Provider sends cookies – that is, small files including a character string and other technologies – to the Data Subject’s computer, through which their browser can be individually identified. Data processing by cookies is intended for providing certain services, and for collecting anonymized hit information. Service Provider may transfer the data processed by placing cookies in an anonymized form to third parties.
- Session cookie: session cookies are automatically deleted after the Data Subject’s visit. These cookies serve for enabling the Service Provider’s Website to operate more efficiently and securely, therefore they are indispensable for the proper operation of Webpage functions or certain applications.
- Persistent cookie: the Service Provider uses persistent cookies as well in order to enhance the user experience (e.g. optimised navigation provided). These cookies are stored for a longer period in the browser’s cookie file. The period thereof depends on the settings applied on the Data Subject’s internet browser.
- Cookie used for password-protected sessions.
- Cookie required for shopping cart.
- Security cookie.
If the Data Subject does not want Google Analytics to measure the data above in the manner and for the purpose described above, it should install a blocker add-on. Contact: www.google.com/analytics
The “Help” (Segítség) function in the menu bar of most browsers provides information on
- how to disable cookies in the browser,
- how to accept new cookies in the browser, or
- how to instruct the browser to set new cookies, or
- how to switch off other cookies.
Should you not consent to the placement of cookies, you can do so by the settings in your browser (disable, withdraw). In such a case, you may restrict or hinder the use of certain services.
3.4. General data processing related to online orders
Service Provider reserves the right to record the personal identity card number of the natural person taking over the product on the Invoices in the course of the personal receipt of goods, in the manner defined in the Info Act, following consent by the Data Subject. As provided in the Info Act, such consent may be granted verbally, in writing, and by implication (handing over the document).The purpose of this data processing is to protect customers’ interest in ownership. According to the provisions set out in the Info Act, the Data Subject may request the Service Provider to delete its personal data specified in this section.
3.5. Data processing related to Newsletters, Personalised newsletters, and Cart leave letters
On the website of Re-Guard, it is possible to sign up for personalised newsletters. In connection with using this opportunity, users signing up for the newsletter supply the personal data specified below to Re-Guard Kft. in the framework of voluntary data disclosure:
- E-mail address
- Phone number
- Webpage use habits
- Newsletter reading habits
- Buying habits – There is a newsletter function which the user decides to receive in connection with new products/sales.
4. LEGAL BASIS, PURPOSE AND METHOD OF DATA PROCESSING
4.1. Data processing is carried out in respect of the internet content on the website at www.regolymedical.hu(hereinafter: Website), pursuant to the Data Subject’s informed voluntary declaration, which declaration includes the Data Subject’s express consent to the fact that its personal data disclosed during Website use may be used. Pursuant to Section 5 (1) a) of Act CXII of 2011 on Informational Self-determination and Freedom of Information (Info Act), the legal basis of data processingis the Data Subject’s voluntary consent, as well asthe provisions of Act CVIII of 2001 on Certain Aspects of Electronic Commerce Services and Information Society Services.
Such consent is granted by the Data Subject in respect of data processing by Website use, by registration, and by the voluntary disclosure of the data concerned.
4.2. The purpose of data processing is to ensure the provision of the services available on the Website. Service Provider shall process the data made available by the Data Subject only for specific purposes, such as the fulfilment of orders, home deliveries, invoicing, contacts, and if the Data Subject has registered for a newsletter, then for sending newsletters and for subsequent proof of the terms and conditions of any contract to be concluded.
4.3. Data recorded automatically are intended for the production of statistics, technical development of the IT system, and the protection of the Data Subject’s rights.
4.4. Service provider shall not and may not use the personal data provided for purposes other than those specified in these paragraphs. Unless otherwise provided by law with binding force, personal data may only disclosed to third parties or authorities subject to the Data Subject’s prior express consent.
4.5. Service Provider shall not check the personal data supplied to it. The adequacy of the data supplied is the sole responsibility of the person providing them. When specifying its e-mail address, any and all Data Subjects assume responsibility at the same time that they are the only ones to use services from the e-mail address specified. With regard to this responsibility, all liability related to logins at an e-mail address specified shall be borne by the Data Subject who registered such e-mail address.
5. DURATION OF DATA PROCESSING
5.1. The processing of personal data supplied in the course of registration starts with registration and lasts until the deletion thereof upon request. In the case of non-compulsory data, data processing shall last from the date of supplying such datauntil the deletion of such data upon request.Registration may be deleted by the Data Subject and the Service Provider at any time, in the case and in the manner set out in the General Contractual Terms and Conditions (hereinafter: GTC).
5.2. With the exception of the date of the last visit, which is automatically overwritten, the data logged in the system are stored for 6 months from the date of logging.
5.3. The provisions above do not affect the fulfilment of data preservation obligations set out by law (e.g. in legal regulations on accounting) and data processing in the course of registration to the Website or based on further consent provided otherwise.
5.4. In case of newsletters, personal data processing lasts until unsubscribing from the newsletter in the manner specified in section 8.4.
6. SCOPE OF PEOPLE GETTING TO KNOW DATA, DATA TRANSMISSION, DATA PROCESSING
6.1. The Service Provider and the Service Provider’s internal employees are primarily entitled to get to know data, but they shall not publish them and shall not disclose them to third parties.
6.2. In respect of the operation of the underlying IT system, order fulfilment, and settlement of accounts, the Service Provider may hire a data processor (e.g. system operator, transport company, accountant).
Names of data processors:
- Ress Bt.- accounting
- H&H HOMOR ÉS TÁRSAI KFT. - auditing
- SAP - corporate governance system
- TRANS-O-FLEX HUNGARY KFT - courier service
6.3. Re-Guard Kft.processes Data Subjects’ personal data in a traceable manner and in compliance with legal regulations. In addition to the above, personal data shall be forwarded to third parties only and exclusively with the Data Subject’s consent and shall be disclosed only in case of an authority request.
7. DATA HOLDER’S RIGHTS AND OPTIONS FOR LEGAL REDRESS
7.1. Data Subject is entitled to request information on the personal data referring to it and processed by the Service Provider at any time, and it may modify them at any time as specified in the GTC.
7.2.Upon the Data Subject’s request, the Service Provider shall supply information on the data referring to the Data Subject and processed by the Service Provider, on the Data Subject’s data processed by it or by a data processor designated as instructed, the source thereof, the purpose, legal basis, and duration of data processing, as well as on the name, address and data processing related activity of the data processor, the circumstances and impacts of any data protection incident, and the measures taken to eliminate it; furthermore – in case of forwarding the Data Subject’s personal data –on the legal basis and addressee of data forwarding. Service Provider shall supply the information requested in writing, within 30 days of submitting the relevant request.
In order to control measures related to a data protection incident and to inform the Data Subject, the Service Provider –if it has an internal data protection officer, through such data protection officer –shall keep a register containing the scope of the personal data affected, the scope and number of the Data Subjects affected by the data protection incident, the date, the circumstances, the impacts of the data protection incident and the measures taken to eliminate it, as well as any other data as specified in the legal regulation prescribing data processing.
7.3. Data Subject may exercise its rights at the following contact details:
Mailing address: Re-Guard Kft. H-2089 Telki, Tücsök utca 16.
Data Subject may contact the Service Provider’s staff through the contacts set out in section 7.3 in respect of any issues or remarks related to data protection.
7.4. Data Subject is entitled to request the correction or deletion of their data recorded incorrectly at any time. Data Subject may correct some of its data itselves on the Website; otherwise the Service Provider will delete the data within 3 working days of receiving the relevant request; in this case, they cannot be recovered. Deletion does not apply to data processing required by law (e.g. accounting regulation), they will be preserved by the Service Provider for the period prescribed.
7.5. Furthermore, Data Subject may request the blocking of its personal data. The Service Provider will block personal data if so requested by the Data Subject, or if it can be assumed, based on the information available, that such deletion would prejudice the Data Subject’s lawful interests. Personal data blocked this way may only be processed until the purpose of data processing that excludes the deletion of personal data prevails.
Data Subject and all parties to which the data were forwarded earlier for data processing purposes are required to be notified of correction, blocking and deletion. Notification can be omitted if it does not prejudice the Data Subject’s lawful interests with regard to the purpose of data processing.
If the Service Provider fails to meet the Data Subject’s request for correction, blocking or deletion, the Service Provider shall impart the factual and legal reasons for rejecting such request for correction, blocking or deletion in writing, within 30 days of receiving such request.
Data Subject may protest against the processing of its personal data. The Service Provider shall consider such protest within the shortest time from the submission of such request, but within up to 15 days, making a decision on the grounds thereof and informing the Data Subject on its decision in writing.
7.6. Pursuant to the Info Act and the Civil Code (Act V of 2013), the Data Subject
- may turn to the Hungarian National Authority for Data Protection and Freedom of Information (H-1125 Budapest, Szilágyi Erzsébet fasor 22/c.; www.naih.hu),or
- may enforce their rights in court.
7.7. In the event that the Data Subject specified third party data for using services in the course of registration, or caused damage in any manner during the use of the Website, Service Provider shall be entitled to enforce damages against the Data Subject. In such a case, Service Provider shall use its best endeavours to acting authorities in order to ascertain the personal identity of the offender.
8. NEWSLETTER, PERSONALISED NEWSLETTER
8.1. Service Provider pays particular attention to the lawfulness of the use of electronic mail addresses processed by it, so it will only use them in the manner specified below for sending (information or advertising) e-mails.
8.2. The processing of e-mail addresses principally serves for the identification of Data Subjects and for keeping contact with them in the course of fulfilling orders and using services, so e-mails will be sent primarily to this end.
8.3. In the event of any change in the services provided by the Service Provider or in the GTC, in certain cases the Service Provider will provide information on such change and on the Service Provider’s other similar servicesto Data Subjects electronically, by e-mail. Such notifications, however, shall not be used by the Service Provider for advertising purposes.
The Service Provider may only send letters containing advertisements or promotions (newsletters) to the electronic mail addresses specified during registration with the Data Subject’s express consent, in the cases and in the manner stipulated by law. Newsletters include direct marketing components and comprise advertisements. In respect of using newsletters, the Service Provider processes the data specified by the Data Subject.
In case of newsletters, the Service Provider processes the data supplied by the Data Subject during subscription until the Data Subject unsubscribes from the newsletter by clicking on the “Unsubscribe” (Leiratkozás) button at the bottom of the newsletter or requests removal from the list of subscribers by e-mail or by postal consignment. Upon cancellation of a subscription, the Service Provider will not contact the Data Subject with further newsletters and offers. The Data Subject may unsubscribe from newsletters free of charge at any time and may withdraw their consent. Our registered users may also unsubscribe from newsletters free of charge at any time by logging into their personal account.
8.5. Personalised newsletter
Re-Guard Kft. may also use the personal data of users to send them personalised offers in the form of newsletters. In personalised newsletters, Re-Guard Kft. examines the former purchases of registered users who subscribed for newsletters, and, based on such survey and the results there of, it may also send personalised newsletters to its users.
Cancellation of a subscription to a personalised newsletter is governed by the provisions set out in section 8.4. If the user concerned unsubscribes from Re-Guard’s newsletter, it will not receive any personalised newsletters, either.
9. OTHER PROVISIONS
9.1. The Service Provider’s system may collect data on Data Subjects’ activity, which either may not be associated with any other data supplied by Data Subjects during registration, or with data generated while using other webpages or services.
9.2. In each case where the Service Provider intends to use the data supplied for a purpose other than the purpose of the original recording of data, Service Provider shall notify the Data Subject thereof and obtain the Data Subject’s express prior consent thereto and/or provide an opportunity for the Data Subject to prohibit data use.
9.3. Service Provider undertakes to ensure data security and to take technical measures to protect data recorded, stored, and processed, as well as to take all measures to prevent their destruction, unauthorized use, and unauthorized corruption. Service Provider also undertakes to call upon each third party to which data are forwarded or transmitted to meet such obligations.
9.4. Service Provider reserves the right to modify these Regulations unilaterally, subject to previous notification to Data Subjects through the Website interface. After such modification enters into effect, the Data Subject is required to accept such modification in order to be able to further use the Website, in the manner set out by the Service Provider on the Website.