logo

2020 ÓTA – 10.000+ SIKERES VÁSÁRLÁS

PRIVACY POLICY AND PRIVACY NOTICE

Arvali Kft., as the data controller according to the data below, is the The processing of personal data of users of the website www.gyorstesztlabor.hu is governed by Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, General Data Protection Regulation, hereinafter referred to as the “General Data Protection Regulation”: GDPR), this Privacy and Data Protection Notice is issued to inform data subjects in advance and to facilitate the exercise of their rights.

THE MANAGER

The data controller operating the webshop www.gyorstesztlabor.hu (hereinafter: Webshop):

Company name: Arvali Ltd.
Headquarters: 1054 Budapest, Szabadság tér 7. 1.em.

Company registration number: 13-09-177562

Tax number: 14586941-2-41

Phone number: +36 20 779 3350
E-mail address: info@alabpharma.hu
Webshop: www.gyorstesztlabor.hu
Represented by Attila Karvalics Managing Partner   (hereinafter referred to as the Data Controller) 

PRINCIPLES OF DATA MANAGEMENT

The Data Controller processes personal data lawfully, fairly and in a transparent manner for the data subject. The Data Controller collects personal data only for specified, explicit and legitimate purposes and processes them only in a manner compatible with those purposes. It strives to ensure that the data it handles is appropriate, relevant, accurate and up-to-date. The Data Controller shall ensure the rights of the data subject and shall take the necessary measures to ensure the lawfulness of data processing at all stages, and shall ensure the integrity and confidentiality of personal data.

DATA PROCESSING ACTIVITIES

  1.  Data management activities in the Webshop

The Webshop collects and processes personal data solely for the performance of a contract (including the steps required prior to the conclusion of a contract) and on the basis of the consent of the data subjects, as detailed below in this notice.

  1. a) To fulfil orders for products available on the Webshop

When ordering products available in the Webshop, the visitor (customer) selects the product to be purchased according to the steps set out in the Terms and Conditions, which will be added to the shopping cart. If you proceed with the purchase, we will collect the personal data of the customer as defined below in order to fulfil your order.

Personal data processed: name, telephone number, e-mail address, address

Legal basis for processing: performance of a contract (GDPR 6. Article (1)(b))

Duration of data processing: if a contract is concluded between the data subject and the Data Controller, five years from the date of performance (termination of the contract), unless a longer warranty period is specified by law for the product in question. Data not related to the enforcement of claims shall be deleted by the Data Controller if the purpose of the processing ceases to exist or if the data subject so requests.

Possible consequences of not providing the data: we will not be able to fulfil the order placed in the online shop.

  1. b) In the case of an abandoned purchase by the data subject, to complete or cancel the order

If the visitor starts shopping, adds one or more products to his shopping cart, but then leaves the Webshop without completing the purchase, the Data Controller will send two e-mails (within 2 and 24 hours after the completion of the purchase) to the e-mail address previously provided by the data subject, in order to clarify whether the interruption of the purchase was indeed in accordance with the will of the customer concerned. 

Personal data processed: e-mail address

Legal basis for processing: performance of a contract (GDPR 6. Article (1)(b))

Duration of data processing: if the clarification results in a contract between the data subject and the Data Controller, in that case five years from the date of performance (termination of the contract), unless a longer warranty period is specified by law for the product in question. Data not related to the enforcement of claims shall be deleted by the Data Controller if the purpose of the processing ceases to exist or if the data subject so requests.

Possible consequences of non-disclosure: the interruption of the purchase remains definitive, even if this was not the Data Subject’s intention

  1. c) For the purpose of sending a newsletter

In the Webshop, visitors can subscribe to the Controller’s newsletters by entering their email address. Consent can be withdrawn at any time, and information on how to unsubscribe is included in each newsletter.

Legal basis for processing: consent of the data subject (GDPR 6. Article (1)(1). point a))
Personal data processed: email address
Duration of processing: until consent is withdrawn

You can withdraw your consent at any time, with effect for the future, by sending an e-mail to info@arvalicom.com hu or by unsubscribing at the bottom of the newsletters.

Possible consequences of not providing the data: the User will not receive notifications, information and other information about news, promotions, discounts.

  The means used by the Controller to support its current activities, such as those provided by Google Customer Personal Data, may be transferred to a country outside the European Economic Area, in particular to the United States, or to another country where the means for processing Personal Data are maintained by an organisation cooperating with the Controller in cooperation with the Controller.

The Data Controller shall ensure adequate security of Personal Data by applying standard data protection clauses adopted by the European Commission and contracts for the transfer of data that comply with the requirements of the GDPR.

For data transferred from Europe to the US, some organisations in the US may provide an adequate level of data protection under the Privacy Shield (for more information, see https://www.privacyshield.gov/).

The Customer has the right to obtain a copy of the Personal Data transferred to a third country by contacting us.

  1. Data transmission

The personal data provided when using the Webshop may only be transferred to the data processors named in this notice. Transmission of personal data 3. to a person (public authority, etc.) beyond this may only take place if it is required by law (EU or Hungarian) which does not allow for derogation, in which case in the manner and under the conditions provided for by that law.

  1. Use of cookies (analytics, shopping assistance and product recommendation services)

Cookies are used in the Web Store. Cookies are small pieces of data that are temporarily transferred from the browser to the hard drive of the visitor’s computer. Cookies can serve various purposes, some are essential for the functioning of the site (“process cookies”), others collect information about the use of the website (analytics, statistics: “usage cookies”), which make the subsequent use of the Website more convenient and practical. Other cookies are ad-related cookies, which help us to show visitors to the Store the ads that are most relevant to them.

A cookie is a variable alphanumeric packet of information sent by the web server, which is stored on the User’s computer and stored for a predetermined period of time. The cookies application allows you to request certain information about the visitor and to track their internet usage. The cookies help us to track the interests, internet usage habits and webshop visit history of the User concerned, in order to optimise the User’s shopping experience. Since cookies act as a kind of tag that allows the website to recognise a visitor returning to the site, they can also be used to store a valid username and password for that site. If the browser returns a cookie that was previously saved, the cookie provider can link the user’s current visit to previous visits, but only for its own content.

The information sent by the cookies makes it easier for internet browsers to recognise them, so that Users can receive relevant and “personalised” content. Cookies make browsing more convenient, by which we mean online privacy needs and relevant advertising. The cookie also allows the Service Provider to compile anonymous statistics about the habits of visitors to the site, so that we can further personalise the look and feel of the site.

The website uses two types of cookies:

– Temporary cookies – session-id cookies that are essential for using the site. Their use is essential for navigating the website and for the functionality of the website. Without their acceptance, the Webshop or certain parts of it will not be displayed, browsing will be blocked, adding tickets to the shopping cart or making a bank payment will not be possible. 

– Persistent cookies, which, depending on the web browser setting, may remain on the device for a longer period of time or until they are deleted by the User. Within these, you can feed from an internal or external cooker. If the Service Provider’s web server installs the cookie and the data is transferred to its own database, this is called an internal cookie. If the cookie is installed by the Service Provider’s web server, but the data is transferred to an external service provider, it is called an external cookie. Such external cookies include third-party cookies placed by third parties in the User’s browser (Google Analytics, Facebook Pixel). They are placed in the browser if the website you are visiting uses services provided by third parties.  The aim of the permanent cookies is to ensure that the site functions to the highest possible standard in order to enhance the user experience.

When visiting the website, the User may give his/her consent to the storage of permanent cookies on the User’s computer and their access by the Service Provider by clicking on the button on the cookie warning on the login page.

The User can use the browser program to set and block cookie-related activity. You can usually manage cookies by going to the Tools/Preferences menu of your browser and selecting Privacy/Preferences/Custom Settings, and then selecting the cookie, cookie or tracking option. Please note that in the latter case, without the use of cookies, the User may not be able to use all the services of the website, in particular the payment services. For more information about cookies, please click on the “More information” button in the cookie warning bar on the Ticket.com page.

The purpose of data processing is: to process payment transactions with the payment service provider, to identify and distinguish users, to identify users’ current session, to store the data provided during the session, to prevent data loss, to identify and track users, to measure web analytics.

Legal basis for processing: voluntary consent of the data subject, GDPR 6. Article (1)(1). point a).

The data processed include: ID number, date, time and the page previously visited.

Duration of data processing: temporary cookies are stored until all browsers of the given type are closed by the user. Permanent cookies are stored on the user’s computer for 1 year or until they are deleted by the User.

Possible consequences of not providing data: incomplete use of the services of the online shop, failure of payment transactions, inaccuracy of analytical measurements.

  1.   Automated data processing – Profiling

The display of ads on our website is based on automated decision-making. 

Purpose of the processing: profiling helps to ensure that the User is presented with relevant, personalised offers in the website and newsletter recommendations. Profiling helps the data processor to tailor the best offer for your customers.

Legal basis for processing: voluntary consent of the data subject, GDPR 6. Article (1)(1). point a).

Scope of the data processed: e-mail, name, address, information related to the use of the site (time of visit, duration, pages viewed, click-throughs, use of the search engine), use of the shopping cart (order ID, products, their product categories, values), purchases (date of transaction, value, product, its category, discount used, payment method), technical information (IP address, cookie identifier, browser type, device type, Google, Facebook, Hotjar, Findgore, Prefixbox identifiers, source page), newsletter and notification message usage data (email opening time, device, links clicked, purchase data), data related to the use of the blog system (comments, ratings, links clicked), data related to the use of the blog system (comments, reviews, links clicked).

The logic of profiling: by using the cookie technologies we use on our website, we can learn about users’ preferences – for example, by analysing how often they visit our website and what products they search for most. Analysing online behaviour helps us to understand users’ preferences and expectations and to adapt to their needs and interests.

The impact of profiling on the data subject: this technology allows us to not only deliver personalised advertising to the user and offer them the best available offers to meet their needs, but also to create and present unique offers, promotions or discounts that are not available to other customers. If a user disables cookies that allow the display of ads tailored to their interests, this does not mean that they will not receive any ads when using our or other websites – in this case, the user will still receive the same amount of ads, with the difference that the ads will not be related to their current activity. The fact that cookies allow us to access information about users’ activity on the Internet allows us to carry out market and statistical analyses.

Deadline for deleting data: the Service Provider will process the data provided until the User prohibits the use of the data for such purposes by unsubscribing.

Possible consequences of not providing the data: offers that are not relevant for the User will appear on the website and in the newsletters, the User will not be able to use the registration-related convenience services.

  1. Logging

When you visit the  Web Store, the web server does not log your activity.

  1. Accounting

Legal basis for processing: to comply with our legal obligations relating to accounting and taxation (GDPR 6. Article (1)(1). c))

Personal data processed: name, address

Duration of data processing: the retention period required by the applicable accounting legislation (currently the end of the 8th year from the date of issue of the invoice)

Possible consequences of non-disclosure: breaches of accounting and tax legislation

  1. Issue of invoice

Legal basis for processing: to comply with legal obligations to which the controller is subject (GDPR 6. Article (1)(1). c))
.
Personal data processed: name, address

Duration of data processing: the retention period required by the applicable accounting legislation (currently the end of the 8th year from the date of issue of the invoice)

Possible consequences of non-disclosure: non-compliance with the legislation on issuing invoices

 

DATA PROCESSORS

In order to ensure the operation of the Webshop and the high quality service of orders placed through the Webshop, the Data Controller uses the assistance of the following data processors. Data processors carry out their activities in accordance with the GDPR and the rules of the contract concluded with them, and in accordance with the instructions of the controller.

  1. Storage space service

Activity provided by the data processor: Hosting

Storage provider: EZIT Kft,

Address: 1132 Budapest, Victor Hugo utca. 18-22.

Tax number: 23493474-2-41

company registration number: 01-09-968191

Phone 0-24: +36 1 700 40 30

E-mail: info@ezit.hu

 

  1. Accounting

Company name: Acco-Account Kft

Office: 1162.Budapest, Muzsika u.71.;

Company registration number: 01-09-464407;

Data management activities: accounting required by tax and accounting legislation,

accounting activities

 

  1. Issuing an account

Name: KBOSS.hu Trading and Service Provider Limited Liability Company (szamlazz.hu)

Registered office: 1031 Budapest, Záhony utca 7.

Company registration number: 01-09-303201

E-mail: info@szamlazz.hu

Data management activity: supporting documents required by accounting and tax legislation

emissions activities.

 

  1. Newsletters

MAILERLITE UAB

Paupio g. 46 11341 Vilnius, Lithuania

info@mailerlite.com

Privacy notice: https://www.mailerlite.com/privacy-policy

(Access to the name and email address of the subscriber.)

 

  1. Product support

Company name: Criteo SA

Location: 32 Rue Blanche, 75009 Paris, France

Company registration number: 484 786 249 RCS Paris

Company name: Google Ireland Limited

Headquarters: Gordon House Barrow Street Dublin 4 Ireland

Company registration number: IE6388047V

Company name: Facebook Ireland Limited

Location: 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland

Company registration number: IE9692928F

Company name: EMARSYS eMarketing SystemsAG

Address: Märzstraße 1 1150 Wien

Company registration number: ATU50359801

Data management activity: using cookies to track users’ browsing and page visits

record your habits for the purpose of product recommendation and shopping facilitation services

 

ADATABILITY

The Data Controller shall ensure the security of the data, shall take the technical and organisational measures and shall establish the procedural rules to ensure the implementation of the data security requirement.

The Data Controller shall keep records of the data processed by it in accordance with the applicable laws, ensuring that the data may be known only to those employees and other persons acting in the interests of the Data Controller who need to know it in order to perform their job or task. All persons acting on behalf of the Data Controller are entitled to access only the data whose processing is necessary for the performance of the named person’s duties. The named persons are obliged to keep the data confidential.

The Data Controller shall take into account the state of the art when defining and applying measures for data security. The Data Controller shall choose among several possible data processing solutions the one which ensures a higher level of protection of personal data, unless this would involve a disproportionate effort.

Protection of IT records

The Data Controller shall ensure, in particular, in the context of its IT security responsibilities:

  • measures to protect against unauthorised access, including the protection of software and hardware devices and physical protection (access protection, network protection);
  • measures to ensure that data files can be recovered, including regular backups and separate secure management of copies (mirroring, backups);
  • protecting data against viruses (virus protection);
  • the physical protection of data files and the media on which they are stored, including protection against fire, water, lightning and other natural hazards, and the recoverability of damage caused by such events (archiving, fire protection).

Protection of paper records

The Data Controller shall take the necessary measures to protect paper records, in particular with regard to physical security and fire protection. Employees and other persons acting on behalf of the Data Controller shall keep secure the data media containing personal data which they use or have in their possession, regardless of the means of recording the data, and shall protect them against unauthorised access, alteration, disclosure, disclosure, erasure or destruction, accidental destruction or damage.

INFORMATION ON THE RIGHTS OF THE DATA SUBJECT AND THE EXERCISE OF HIS OR HER RIGHTS

  1. Rights of the data subject
  2. a) Information and access to personal data

The data subject shall have the right to obtain from the controller information about the processing of his or her personal data, in particular the purposes and categories of processing, the possible recipients, the duration of storage and, where the personal data have not been collected from the data subject, the source of the data.

  1. b) Right to rectification

The data subject has the right to request that inaccurate data relating to him or her be corrected by the Data Controller without undue delay.

  1. c) Right of cancellation

The data subject has the right to withdraw his or her consent at any time and to request the erasure of his or her data. The Data Controller is obliged to delete personal data relating to the data subject without undue delay if.

  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
  • the data subject objects to the processing and there are no overriding legitimate grounds for the processing,
  • the personal data have been unlawfully processed;
  • the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
  • personal data are collected in connection with the provision of information society services directly to children.

Cancellation may be refused if.

  • the data are necessary for the exercise of the right to freedom of expression and information, or
  • where the processing of personal data is authorised by law; and
  • necessary for the establishment, exercise or defence of legal claims.

In any case, the Data Controller shall inform the data subject of the refusal of a request for erasure, indicating the reasons for the refusal. Once a request for erasure of personal data has been complied with, the previous (erased) data can no longer be restored.

  1. d) Right to be forgotten

If the Controller has disclosed the personal data and is required to delete it pursuant to point (c) above, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers that process the data that the data subject has requested the deletion of the links to or copies or replicas of the personal data in question.

  1. e) Right to restriction

The data subject may request that the Controller restricts the processing of his or her personal data if.

  • contest the accuracy of the personal data processed; or
  • the processing is unlawful but the data subject opposes the erasure of the personal data processed, or
  • the purpose of the processing has been fulfilled, but the data subject requires the processing of personal data by the Controller for the establishment, exercise or defence of legal claims.

 

In the case of restriction, personal data subject to restriction may be processed, except for storage, only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the European Union or of a Member State.

  1. f) Right to data portability

The data subject has the right to have his or her personal data processed by automated means on the basis of his or her consent or on the basis of the processing of a contract transferred to him or her in a structured, commonly used, machine-readable format and/or, where technically feasible, to another controller.

  1. g) Right to object

If the processing is based on the legitimate interests of the Data Controller or a third party, the data subject has the right to object to the processing of his or her personal data at any time on grounds relating to his or her particular situation. In such a case, the Controller may no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims, including profiling based on those provisions.

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing.

  1. h) Prevent automated decision-making and profiling

The data subject has the right not to be subject to a decision, including a decision involving a measure, based solely on automated processing, which is based on an evaluation of certain personal aspects relating to him or her and which produces legal effects concerning him or her or similarly significantly affects him or her. Such processing includes “profiling”. The above right shall not apply where processing is necessary for entering into, or the performance of, a contract between the data subject and the controller; is permitted by Union or Member State law applicable to the controller which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or is based on the data subject’s explicit consent. 

 

In the case of such processing, the data subject has the right to request and obtain human intervention, in particular to express his or her point of view, to obtain an explanation of the decision taken on the basis of such assessment and to contest the decision. Such a measure may not apply to a child.

  1. Enforcing the rights of the data subject
  2. a) The data subject may contact the Data Controller’s staff with any requests, questions or comments regarding the processing of his or her personal data by sending an e-mail to info@arvalicom.com or by writing to the Data Controller at 1036 Budapest, Lajos u. 74-76. fszt. 4. in a letter sent to your postal address.
  3. b) The Data Controller shall facilitate the exercise of the above rights by the data subject. The Data Controller shall inform the data subject of the action taken on the request without undue delay and in any event within one month of receipt of the request. If necessary, taking into account the complexity of the application and the number of requests, this deadline may be extended by a further two months. The Data Controller shall inform the data subject of the extension of the deadline within one month of receipt of the request, stating the reasons for the delay. If the data subject has made the request by electronic means, the information shall be provided by electronic means where possible, unless the data subject requests otherwise.
  4. (c) If the controller fails to act on the data subject’s request, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for the failure to act and of the possibility for the data subject to lodge a complaint with a supervisory authority and to exercise his or her right of judicial remedy.
  5. (d) The information and action referred to in points (b) to (c) above shall be provided free of charge. Where the data subject’s request is manifestly unfounded or excessive, in particular because of its repetitive nature, the Data Controller shall, taking into account the administrative costs of providing the information or information requested or of taking the action requested:
  6. da) charge a reasonable fee; or
  7. (db) refuse to act on the request.

The burden of proving that the request is manifestly unfounded or excessive lies with the controller.

  1. e) The data subject may lodge a complaint directly with the National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; phone: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu; website: www.naih.hu), or in case of violation of his/her rights, he/she may also turn to court. The court is acting out of turn in the case. In the latter case, the court has jurisdiction to hear the case. The action may also be brought before the court of the person’s domicile or residence, at the person’s choice. (for a list of courts and their contact details, please visit http://birosag.hu/torvenyszekek).

Budapest, 2020. 23 April.

 

Kosár