Protecting your privacy is important to us and we recognize that your information must responsibly be used. The following statement will help you understand how Hungaro Ltd collects, uses, and safeguards your personal information.
This is the Privacy Statement of Hungaro Ltd, hereinafter Data Controller, as the operator of the website available at www.hufo.co.uk
In this Privacy Statement, Data Controller lays down his practice pertaining to the management of personal data included in the Customer Database of the web shop, organizational and technical measures taken to protect data, and information given of the rights of data subjects and the enforcement of such rights.
Data Controller declares to respect Customers’ rights to privacy. In consideration of these rights and fully respecting the provisions of Act CXII of 2011 on Information Self-Determination and Freedom of Information, Data Controller shall manage and record data given voluntarily by registered Customers only in the extent for which Customers gave their explicit consent.
1. DATA CONTROLLER’S INFORMATION
Name: HUNGARO LTD
Registered office: 79 Fawcett Road, Portsmouth, PO4 0DB
Commercial register number:
Data Controller’s tax identification number:
Data Controller’s email address: email@example.com
Data protection register number:
2. MANAGED DATA
Visitors may visit the website without disclosing their identity or providing any personal information. To purchase or order, Customer shall provide personal data. Registration is required for submitting an order. Data Controller shall require only such data that qualify as personal data pursuant to the definition included in Point 2, Section 3 of Act CXII of 2011 on Information Self-Determination and Freedom of Information. Data Controller shall not ask Customers to submit special data as defined in Point 3, Section 3 of the Act in any event. Data submitted by Customer shall be recorded in Data Controller’s Website Customer Database.
Personal data to be provided by Customers:
In the Customer Database, Customer’s buying habits are recorded including:
Data recording and management shall be done on the basis of Customers’ voluntary, informed and explicit consent. Before confirming an order, Customers are given the opportunity to review and accept this Privacy Statement. In order to submit an order, Customers shall review and accept the Privacy Statement.
3. LEGAL GROUND OF DATA MANAGEMENT
Data management shall be carried out on the basis of Point a), Paragraph (1), Section 5 of Act CXII of 2011 on Information Self-Determination and Freedom of Information with Customers’ voluntary consent.
4. PURPOSE OF DATA MANAGEMENT
Data Controller shall manage personal data and buying habits recorded in the Website Customer Database to
Data Controller may not use personal data for any other purpose than indicated. Each phase of data management shall comply with this purpose.
Data Controller shall not disclose personal data to third parties in any event without Customer’s explicit consent, with the exception of cases prescribed by law or required by administrative proceedings, or if Data Controller uses subcontractors (courier or postal service providers) to meet his contractual obligations. In the latter case, the subcontractor performing delivery services are bound by contractual terms to use Customers’ data only to fulfill contractual obligations. Subcontractors are not entitled to keep such data or disclose them to third parties for further use in any manner.
6. DURATION OF DATA MANAGEMENT
Data Controller keeps data until the expiration of warranty, that is a maximum of 10 years, or until data subjects’ request to erase data.
7. DATA DELETION
If, for some reason, the Contract concluded between Parties is not performed, or after 2 years from the performance of the Contract, Customer is entitled to request the deletion of personal data by sending such statement to Data Controller’s email address of firstname.lastname@example.org. Data Controller shall delete data within 5 working days upon receiving Customer’s request, and shall inform Customer of the deletion via email. Deleted data may not be recovered.
Data Controller shall inform Customer that if personal data is deleted within 10 years, warranty claims cannot be enforced.
8. SCOPE OF DATA PROCESSORS
Data Controller is entitled to process data. Data Controller may disclose personal data to third parties only for the purpose of data processing. Data Processors may process personal data that came to their knowledge only according to Controller’s instructions. They may not process data for their own purposes and they shall store and preserve data according to Data Controller’s instructions. Data Processor may use additional data processors according to Controller’s instructions.
This does not apply to occasional data transfers required by law, which may, however, take place only in extraordinary cases. Before fulfilling each data request of the authorities, Data Controller examines if the legal basis of data transfer really holds for each data.
The data and contact details of the current Data Processor of the Database are the same as Controller’s data given in Section 1.
The list of Data Processors are not complete. Data Controller reserves the right to employ an additional Data Processor whose name will be communicated separately, at the latest when he starts processing data.
9. DATA PROTECTION MEASURES
Data of the Customer Database are stored on Controller’s computer system.
IT tools selected by Data Controller and Data Processors are used to provide data management, data processing and data security. These systems ensure that data may be recorded, read, transfered, modified or deleted only by persons with appropriate authorization. The tools also guarantee that the integrity of data is preserved during processing.
Data Controller shall inform Customers that electronic messages transferred via the Internet are vulnerable to threats, which may result in fraudulent activities, information disclosures or modifications.
10. CUSTOMERS’ RIGHTS PERTAINING TO THE MANAGEMENT OF THEIR PERSONAL DATA
Having reviewed the Privacy Statement, it is Customer’s decision whether to submit personal data.
Customer may ask Data Controller to
Upon Customer’s request Data Controller shall provide information concerning the data relating to him, including those processed by a Data Processor on its behalf, the sources from where they were obtained, the purpose, grounds and duration of processing, the name and address of the Data Processor and on its activities relating to data processing, and if the personal data of the data subject is made available to others, the legal basis and the recipients. Data Controller must comply with requests for information without any delay, and provide the information requested in an intelligible form, in writing at Customer’s request, within not more than thirty days. The information shall be provided free of charge if Customer submits request for information to Data Controller for a category of data once a year. Additional information concerning the same category of data may be subject to a charge. The amount of such charge may be fixed
in an agreement between Parties. Where any payment is made in connection with data that was processed unlawfully, or the request led to rectification, the payment shall be refunded.
Where a personal data is deemed inaccurate, and the correct personal data is at Data Controller’s disposal, Data Controller shall rectify the personal data in question.
Personal data shall be erased if:
Personal data shall be blocked instead of erased if so requested by Customer, or if there are reasonable grounds to believe that erasure could affect the legitimate interests of the data subject. Personal data locked in this way may only be managed as long as the specific purpose of data management holds that ruled out the erasure of personal data.
If the accuracy of an item of personal data is contested by Customer and its accuracy or inaccuracy cannot be ascertained beyond doubt, the Data Controller shall mark that personal data for the purpose of referencing.
When a data is rectified, blocked, marked or erased, Customer and all recipients to whom it was transmitted for processing shall be notified. Notification is not required if it does not violate the rightful interest of the data subject in light of the purpose of processing. If Data Controller refuses to comply with Customer’s request for rectification, blocking or erasure, the factual or legal reasons on which the decision for refusing the request for rectification, blocking or erasure is based shall be communicated in writing within thirty days of receipt of the request. Where rectification, blocking or erasure is refused, Data Controller shall inform Customer of the possibilities for seeking judicial remedy or lodging a complaint with the National Authority for Data Protection and Freedom of Information.
Requests for information of the management of data and for the rectification, blocking or erasure of data shall be sent to Data Controller’s email address email@example.com.
11. ENFORCEMENT OF RIGHTS
In the event Customer feels that Data Controller violated his rights to privacy, he may enforce his rights by turning to a civil court or to the National Authority for Data Protection and Freedom of Information. Act CXII of 2011 on Information Self-Determination and Freedom of Information includes detailed provisions for these proceedings and for the obligations of Data Controller.
Customer may object to the processing of his personal data, if processing or disclosure is carried out solely for the purpose of discharging Data Controller’s legal obligation or for enforcing the rights and legitimate interests of Data Controller, the recipient or a third party, unless processing is mandatory; if personal data is used or disclosed for the purposes of direct marketing, public opinion polling or scientific research; and in all other cases prescribed by law.
In the event of objection, Data Controller shall investigate the cause of objection within the shortest possible time inside a fifteen day time period, adopt a decision as to merits and shall notify Customer in writing of its decision. If, according to the findings of Data Controller, Customer’s objection is justified, Controller shall terminate all processing operations (including data collection and transmission), block the data involved and notify all recipients to whom any of these data had previously been transferred concerning the objection and the ensuing measures, upon which these recipients shall also take measures regarding the enforcement of the objection. If Customer disagrees with the decision taken by Data Controller, or if Controller fails to meet the deadline specified for making the decision, Customer may turn to court within thirty days of the date of delivery of the decision or from the last day of the time limit.
By making a purchase in the web shop, Customer accepts the content of the Privacy Statement, and gives its consent to Data Controller to manage his data as set forth in this statement.