Our data management principles are concisely as follows:¬†
- We collect and handle personal data only in accordance with current legislation and European Union standards.¬†
- DM letter (newsletter) will be sent only in case of special consent. However, we can send a system message also without any special consent.¬†
- The data are stored as safely as possible.¬†
- Personal data will be transferred to third party only with a consent of the concerned people.¬†
- We can give information to anyone about the data stored, if it is requested at the following e-mail address in writing: firstname.lastname@example.org¬†
- Cancellation of personal data can be requested at email@example.com¬†any time.¬†
Alveola Kereskedelmi √©s Szolg√°ltat√≥ Korl√°tolt FelelŇĎss√©gŇĪ T√°rsas√°g (Alveola Trade and Service Ltd.) (headquarter: 1143 Budapest, Gizella u 28/A., Company registration number:Cg.01-09-567918, Court of Registration: Metropolitan Court ; Tax number: 12240911-2-42; hereinafter "Alveola") as a data controller agrees to be bound by the content of this Data Protection Regulation and agrees that all data management activities related to the website operated by it comply with the expectations defined in this Regulation and the applicable legislation, in particular with regard to the Regulation No. 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and Repealing Regulation (EC) No. 95/46¬† ("GDPR") and the Regulation on information self-determination and freedom of information, Act CXII. of 2011 ("Info tv"), and the Regulation of electronic commerce services, and certain aspects of information society services, Act CVIII of 2001 ("Eker tv."), and the Regulation on the management of name and address data for research and direct business acquisition, Act CXIX of 1995 ("Katv") and the Regulation on the fundamental terms and limitations of economic advertising, Act XLVIII of 2008 ("Grt.")¬†
Alveola describes its data management principles below, presenting the expectations that it formulated as a data controller and that are complied with.¬†
1. THE AIM OF DATA MANAGEMENT:
Alveola maintains an online portal ("Website") at http://alveola.com¬†in order to¬†
- facilitate contacting and maintaining contacts with people interested in Alveola's products and services on the Website ("Potential Customer") and provide Potential Buyer with the information they need to contact and register to the database created for this purpose ("Potential Customer Database") without obligation to contract ("Customer Relationship"),
- transmit Alveola advertising newsletter on Alveola's products and services, and on any new features of the Website and other relevant information for visitors of the Website, who have given their consent to this ("Subscribers") and registered to this database ("Newsletter Database‚ÄĚ) - in electronic form.
In addition, Alveola submits data of advertisements for professional cosmetic clients ("Customers"), who have registered in the database ("Offline Marketing Database") by electronic, phone and postal way for the purposes of direct business acquisition and manages processing of data ("Direct Business Acquisition‚ÄĚ).¬†
In accordance with Article 8 (1) of the GDPR, for the registration and subscription of a user, who has not yet reached the age of 16 or who is limited to act, it is required the consent of his/her legal representative or caretaker, and in the absence thereof, the registration of a minor user, or person who is limited to act, cannot be accepted by the data controller, thus the registration submitted will be cancelled. The data controller, considering the available technology, makes reasonable efforts to verify that the consent has been granted or authorized by the child parental supervisor.¬†
Alveola shall manage the data recorded in the Concerned Databases exclusively in accordance with this Data Protection Regulation and shall not transmit or make them available to a third party, except where such disclosure or data transmission is by statutory, authority or court order mandatory, or it is indicated in this Data Protection Regulation.¬†
By using the Website or with that registration Concerned People expressly accept, what is written in this Data Protection Regulation and voluntarily consent to the managing and processing of their personal data as described in this Regulation.¬†¬†
2. LEGAL BASIS FOR DATA MANAGEMENT:¬†
The legal basis for managing data entered in the Concerned Databases is, as a rule, an informed and voluntary contribution of the Concerned Person.¬†¬†
If the personal data has been collected with the consent of the Concerned Person, the data controller shall record the data collected, unless otherwise provided by law, in order to fulfil its legal obligation or to enforce a legitimate interest of the data controller or third party, if the enforcement of this interest is proportionate to the limitation of the right to the protection of personal data without further special consent and if the data can be processed also after withdrawing the consent of the Concerned Person.¬†¬†
3. SCOPE OF ALVEOLA'S PERSONAL DATA, DATA TRANSMISSION AND DURATION OF DATA MANAGEMENT
Alveola declares that its data management does not cover personal data (specific category) within the meaning of Article 9 of the GDPR. Such personal data will not be processed, if it would be in possession of such data, these data would immediately be deleted.
3.1. Potential Customers Database
Potential Customer Database of our company can be accessed through our Website by contacting us on any of our contact details. After contacting Alveola will manage the following data of the Potential Customer.¬†
Obligatory required information for the Potential Customer:¬†¬†
- company name
- contact name,
- email address,
- telephone number.
- fax number
In addition, Alveola will manage all data, which have been brought to our attention by the Potential Customer. The opinion of the Potential Customers about the services of Alveola may be disclosed on the Website for advertising purposes by identifying the first name of the Potential Customer.¬†
Managing of such data is based on the voluntary contribution of the Potential Customer pursuant to Article 6 (1) item (a) of the GDPR, or, at the request of the Potential Customer, it is necessary to undertake the pre-contractual steps and, if in case the service is sought, it is required to fulfilment of the contract (warranties) by Article 6 (1) item b) of the GDPR.¬† Data supply of the Potential Customer is not required to use the Website, so data supply does not constitute a precondition for a contract.
3.2. Newsletter database
Newsletter database of the Website can be accessed through a special consent given on the Website, as well as by subscription forms of newsletter subscription. After the successful application, Alveola manages the following data from Subscribers.¬†
Obligatory required data for the Subscriber:¬†¬†
- email address,
The managing of these data is usually based on the Subscriber's voluntary contributions regarding item 6. ¬ß (1) of Grt. and item 6 (1) a) of GDPR. Data supply of the Subscriber is not required to use the Website, so data supply does not constitute a precondition for a contract.
3.3. Offline Marketing Database
During Alveola's offline and online marketing activities the Customer can register Alveola's installed and maintained Offline Marketing Database. We provide registration opportunities especially in our shop, in various events, as well as for our telephone inquirers. Alveola implements some of its marketing campaigns through its contracted partners, who also pass data to our Offline Marketing Database after obtaining the appropriate customer contributions.¬† Additionally, our Company may use the Content of the Newsletter database to extend its Offline Marketing Database or can use the content of the Offline Marketing Database to expand the Newsletter Database, if it has a relevant consent from the Concerned Person.
In the Offline Marketing Database, we manage the following information of the Customer:
- email address,
- postal address,¬†
- telephone number.
Additional personal information managed for purposes of data management:
- number, type, and dates of direct business inquiries;
- the way and the date and the consent of the Customer's registration.
The managing of these data is usually based on the Customer's prior and voluntary contributions regarding the items 6. ¬ß (1) of Grt and 6 (1) item a) of GDPR.¬† Regarding the dispatch of adverts the Article 6. ¬ß (4) of Grt. is the legal basis for managing the Customer's data, in addition to the foregoing, in some cases, pursuant to Article 3. ¬ß (1) of Katv. , and the existence of a legitimate interest according to Article 6 (1) item (f) of the GDPR.¬† The registration of the Customer on the Website or in any other way does not constitute a sale of goods, thus, it is not a prerequisite for the conclusion of a contract.
3.4. Date of processing
During or after any visit of the Concerned Person through the Website or any of Alveola's contact details, Alveola performs data processing of the data transmitted to it during the duration of the purpose of the data management provided that the relevant data of the Concerned Person and the uploaded documents are automatically cancelled by Alveola, if the Concerned Person applies for it in accordance with the section "Rights and remedies of data management of Concerned Person" of this Data Protection Regulation.¬†
Alveola keeps data stored in the Offline Marketing Database until the purpose of the data management is maintained, so the data will be managed, until the business activity is performed, and the purpose of direct marketing exists. Our Company terminates the managing of data, if the Customer objects to the managing of their data, asks for the cancellation or forbids transmission of direct business mails or withdraws its consent to the transmission of these mails.
3.5. Data of visitors, application of "Cookies"
During the visit of the Website, the Website places small data packages (In English name: "Cookies") on the IT device of the Concerned Person or reads them back.¬†
The following types of Google Analytics cookies will be used for this site: "Utma", "utmb", "utmc", "utmt", "utmz" (detailed information about the cookies used by Google Analytics for the website can be found at https://developers.google.com/analytics / devguides / collection / analyticsjs / cookie usage).
The cookies listed are used for identifying the following statistical information on the visit and visitation of the Website and collected for this purpose:¬†
- How the Concerned Person reached the Website, by search engine, keyword, or link ("utmz" cookie)
- How many times the Concerned Person visited the Website ("utm" cookie)
- How long the Concerned Person has been on the Website, duration ("utma" cookie)
- When the Concerned Person first visited the Website ("utmc" cookie).
In addition, some cookies protect the website from overload ("utmt" cookie), and certain cookies used by Google Analytics for the analytical, statistical or security purposes will also record the IP address of the IT device used by the Concerned Person. Data storage is implemented on the IT device of the Concerned Person.¬†
Alveola uses Google Adwords as well as facebook remarketing codes on the Website. Remarketing codes contain cookies to tag visitors to the Website.¬†
The installed cookie will help that Alveola's products and services will appear for the Concerned Person and later other Google Display, or network sites and on facebook.¬†
The Concerned Person may disable cookies at any time and can personalize the ads on the Google Advertising settings interface.¬†
4. DATA OF ALVEOLA, AS A DATA CONTROLLER, SCOPE OF PERSONS ELIGIBLE FOR DATA PROCESSING
Name:¬† ¬† ¬† ¬† ¬† ¬† ¬† ¬†Alveola Kereskedelmi √©s Szolg√°ltat√≥ Korl√°tolt FelelŇĎss√©gŇĪ T√°rsas√°g
Representative:Tam√°s Sz√≥r√°th, managing director
Address:¬† ¬† ¬† ¬† ¬† ¬† ¬† ¬†1143 Budapest, Gizella u. 28/A.
E-mail:¬† ¬† ¬† ¬†¬†firstname.lastname@example.org¬†
Company registration number:01-09-567918¬†
VAT number:¬† ¬† ¬† ¬† ¬†12240911-2-42¬†¬†
Regarding the data provided by the Concerned People concerning the Website, Alveola's representatives and employees are entitled to manage data, whose work or responsibilities are affected by any purpose of data management.¬†
5. THE WAY TO STORE PERSONAL DATA,¬† DATA PROCESSORS
The servers of the Website are located at the headquarters of DotinDot Solutions Kft. (1138 Budapest, Faludi u. 3.).¬†
Please note that the data are also processed in electronic form, in online databases. The technical background of the databases is provided by Alveola in cooperation with the following providers such as data processors:
- Wanadis Kft. (Data Protection Regulation: https://maileon.hu/wp-content/uploads/Wanadis-Maileon_Adatvedelmi_Nyilatkozat1.pdf), as the news provider sending software provider;
- ITelligence Hungary Kft. (Data Protection Regulation: https://itelligencegroup.com/hu/privacy/),¬† as a supporting and developing partner of corporate governance system ;
- Google Inc. (Data Protection Regulation: https://www.google.com/intl/hu/policies/privacy/), as the provider of Google Analytics product analyst system; as well as
- Facebook Inc.¬† (Data Protection Regulation: https://www.Facebook.com/privacy/explanation#), as the provider of Facebook Custom advertising platform.
Data processors shall ensure that managing of data and data processing are maintained in all respects by maintaining the relevant legal provisions in force in the data subject and that the data controller shall take all necessary measures to ensure the protection of the data, and the data processing and data managing activity carried out by it meet all the legal requirements of data security.¬†
6.¬† THE SECURITY OF DATA MANAGEMENT:
The data controller and the data processor are aware of the nature of the state of science and technology and the costs of implementation, as well as the nature, scope, circumstances and objectives of data processing and the risk of varying probability and severity of the rights and freedoms of natural persons, both when defining the mode of data processing, and during data processing implementing appropriate technical and organizational measures, such as pseudonym, which are aimed on the one hand at integrating the data protection principles (e.g. effective implementation of data saving) on the other hand integrating the warranties required to meet the requirements of GDPR and safeguarding the rights of those concerned in the process of data management.
The data controller and the data processor shall take appropriate technical and organizational measures to ensure that, by default, only personal data are processed which are necessary for the specific data management purpose. In this context, special attention should be paid to the amount of personal data collected, the extent of their management process, the duration of their storage and their availability. These measures should in particular ensure that personal data, by default, cannot be made available to an indefinite number of individuals without the intervention of a natural person.
7. THE DATA PROTECTION OFFICER
The Data Controller shall designate a Data Protection Officer pursuant to Article 37 (1) of the GDPR ,¬† ¬† ¬† ¬† ¬†if the main activities of the data controller include data management operations which, by their nature, scope and/or purpose, require a regular and systematic, high level of surveillance of the Concerned People, or the main activities of the data controller include managing of a large number of personal data according to Articles 9 and 10 of the GDPR.
Alveola informs all Concerned People that it does not perform data processing under Articles 9 and 10 of the GDPR and the main activity of the data controller covers the operation of the User and the Newsletter database. These activities do not require regular and extensive monitoring of the Concerned people.¬†
For all these reasons, Alveola as a Data controller does not designate a Data Protection Officer, which decision, however, is reviewed every calendar year, according to the current state of the data management.
8. REPORTING OF DATA PROTECTION INCIDENT, INFORMING THE CONCERNED PERSON
Alveola shall report to the competent supervisory authority all data protection incidents without undue delay and, if possible, at the latest 72 hours after the data protection incident becomes known, unless the data protection incident is unlikely to pose a risk to the rights and freedoms of natural persons.¬†
If the data protection incident is likely to pose a high risk to the rights and freedoms of natural persons, Alveola shall inform the Concerned people without undue delay about the data protection incident.¬†
Alveola shall provide clear and unambiguous information on the nature of the data protection incident and shall provide at least the information and measures referred to in Article 34 (2) of the GDPR.
Alveola shall not be obliged to inform the Concerned Person about the data protection incident, if any of the following conditions are met:¬†
- the data controller has implemented appropriate technical and organizational protection measures and these measures have been applied to the data affected by the data protection incident, in particular those measures of which accessing to personal data make the data unenforceable to persons who are not entitled to access to personal data;¬†
- after the data protection incident, the data controller has taken measures, that ensure that the high risk for the rights and freedoms of the Concerned Person will not be realized,¬†
- information would require a disproportionate effort.¬† In such cases, Concerned Person shall be informed by means of publicly disclosed information, or similar measures shall be taken which ensures the same effective information of the Concerned Person.
9. RIGHTS AND REMEDIES OF DATA MANAGEMENT OF CONCERNED PERSON¬†
Concerned Person is entitled to have, as provided for in Articles 12 to 22 of the GDPR
- the right to access and the right to information under which Alveola is obliged to disclose the rights of the Concerned Person and data protection incidents according to GDPR, and the information contained in Articles 13 and 15 of the GDPR.
- and he right to data storage, the right to correct and cancel, and the right to protest.¬†¬†
Accordingly, the data controller¬†
- shall inform the Concerned Person of the processing of his / her personal data, including information about the data processed by him/her or on behalf of the data processor, and the nature, legal basis, duration of the data processing, the name, address and data management activities of the data processor, the circumstances and effects of the data protection incident,¬† and the measures taken to remedy it (if there were any), and, in the case of transmission of the personal data of the Concerned Person, the legal basis and the addressee of the data transmission, and furthermore the data controller¬†
- corrects, deletes, or locks personal data provided by the Concerned Person (the deletion of the Concerned Data can be performed by himself/herself in the manner indicated in the registration, as well as the cancellation can be requested at the Customer Service of data controller).¬†¬†
Informing about the Rights¬†
The data controller shall take measures to fulfil the above, to provide every single information in a concise, transparent, understandable, and easily accessible form, in a clear and unambiguous form, especially for any information addressed to children.¬† The information shall be provided in writing or otherwise, including, where appropriate, the electronic form.¬† Verbal information may be provided at the request of the Concerned Person provided that the identity of the Concerned Person has been verified in some way.¬†
The Data Controller shall facilitate the exercise of the rights of the Concerned Person. The Data Controller informs the Concerned Person about the measures taken according to item 15-22 of GDPR without undue delay, but in any way within one month from the receipt of the request.¬†
If necessary, considering the complexity of the application and the number of applications, this deadline may be extended by two additional months.¬† The Data Controller shall inform the Concerned Person of the extension of the deadline by indicating the reasons for the delay within one month of receipt of the application.¬†
If such measures are not taken, the data controller informs the Concerned Person of the reasons without delay and at the latest within one month of the receipt of the application, about the reasons for the failure to act, as well as that the Concerned Person can submit a complaint to a supervisory authority and exercise its right of judicial redress.
Data controller shall provide information and measures as described above under Article 13 of the GDPR free of charge. If the request of the Concerned Person is manifestly unfounded or excessive, in particular because of its repeated nature, the data controller may charge a reasonable amount for the administrative costs incurred in providing the requested information or may refuse the action based on the application.¬† Proving of a manifestly unfounded or excessive nature of the request is borne by the data controller.¬†
Information and access to personal data¬†
Data controller shall, at the time of the receipt of personal data, make the information contained in Article 13 (1) to (2) of the GDPR available to the Concerned Person.¬†¬†
Concerned Person is entitled to receive feedback from the data controller as to whether his personal data is being processed and if such data processing is in progress, he/she is entitled to have access to personal information and the information contained in Article 15 (1) - (2) of the GDPR (the right of access of the Concerned Person).¬†¬†
The data controller shall provide a copy of the personal data that is the subject of the data processing to the Concerned Person.¬† For additional copies requested by the Concerned Person, the data controller may charge a reasonable fee based on administrative costs.¬† If the Concerned Person has applied electronically, the information shall be provided in a widely used electronic format, unless otherwise requested by the Concerned Person.¬†
The right to data storage
According to Article 20 of the GDPR, the Concerned Person is entitled to use the personal data provided to the data controller by him/her in a proportioned, widely used, machine readable format and is entitled to transfer this data to another data controller (the right to data transfer).
Correction, deletion, and protest
Concerned Person may for the future at any time have the right to withdraw its consent to its data processing without justification. The Concerned Person has the right to correct, delete and protest against the processing of data under Articles 16 to 18 of the GDPR.¬†
Accordingly, the Concerned Person is entitled to request that the data controller, without undue delay, delete personal data relating to him/her, and that the data controller is obliged to delete personal data relating to the Concerned Person without undue delay, when the personal data is no longer needed for the purpose they have been collected or otherwise processed. Pursuant to Article 6 (1) item (a) of GDPR the Concerned Person withdraws his/her consent building of the base of data processing, so data processing has no other legal basis. The Concerned Person protests against data processing and has no prior legitimate reason for data processing, the personal data has been unlawfully managed; or if for fulfilling the legal obligation provided for EU or Hungarian law personal data should be deleted.
Furthermore, the Concerned Person has the right to object to the managing of personal data provided by in accordance with Article 21 of the GDPR.¬† So, the Concerned Person is entitled to object to managing his/her personal information at any time for reasons related to his/her own situation.¬†¬†
In the event of a protest of the Concerned Person, the data controller may not process the personal data unless the data controller proves that the data processing is justified by legitimate enforceable reasons that have priority over the interests, rights, and freedoms of the Concerned Person, or which are related to the submission, validation, or protection of legal claims.
If the personal data is managed for direct business acquisition (such as sending a newsletter), the Concerned Person is entitled to protests against the processing of his/her personal information for this purpose any time.¬†
Right to Appeal
Concerned Person can send requests or communications information to ¬†e-mail address or to 1143 Budapest, Gizella u. 28/A postal address to Alveola by post.¬†¬†
In case of rejecting or failing to comply with the request or communication to the data controller the Concerned Person, during the exercising his/her rights to manage data, may apply for legal remedy to the National Data Protection and Disposal Authority (NAIH) or to the court.¬†
In addition, the Concerned Person
- in the event of violation of the rights to the processing of personal data,¬†
- for misuse of data or breach of the requirements of data security,¬†
- by violating the personal data of personality right or breaching the requirements of data security,
can bring an action at law according to 77-82 of GDPR.¬†¬†
The Concerned Person is entitled to all rights, remedies and other claims enforced by law, GDPR and Info Law.