Data Management and Data Protection Regulations
1. General provisions
1.1. Definition of Data Manager (hereinafter referred to as: „Data Manager”)
Name: SCOLOPENDRA Üzletviteli Tanácsadó Korlátolt Felelősségű Társaság
Seat: 2011 Budakalász, Kanonok utca 9.
Company registration number: 13-09-165749
Electronic availability: firstname.lastname@example.org
1.2. The Data Manager acknowledges to be bound by the contents of the present Data Management and Data Protection Regulations (hereinafter referred to as „Regulations”). The present Regulations extend to data management activities related to the service (hereinafter referred to as „Service”) provided by means of the web store (hereinafter referred to as „Web Store”) available at the webbbsite of www.scolopendra.hu (hereinafter referred to as "Website").
1.3. The Data Manager obliges itself that its data management activity is in compliance with the expectations defined in the present Regulations and the effective legal regulations. In the course of performing its data management activity the Data Manager shall proceed in accordance with the directly effective legal acts of the European Union and the data protection regulations of Hungary, in particular the provisions of the [Hungarian] Act CXII of 2011 on the right of informational self-determination and on the freedom of information (hereinafter referred to as "Itv.").
Affected party: any natural person who is, or can directly or indirectly be, identified based on specific personal data;
Personal data: any data that can be related to the Affected Party, in particular the name, identification mark of the Affected Party, or one or more features typical of the physical, physiological, mental, economic, cultural or social identity and the conclusion deductible from the data and relating to the Affected Party;
Approval: voluntary and definite expression of the will of the Affected Party, which expression is based on appropriate information and with which he/she gives his/her unmistakable consent to the management of the personal data related to him/her, whether such management being full-scope or extending to certain operations;
Data Manager: any natural person or legal entity or organisation without any legal personality determining the purpose of the data management independently or together with others and making and executing or causing the data processor to execute the decisions relating to data management (including the device used);
Data management: any operation or the entirety of operations performed with the data irrespective of the procedure applied, in particular the collection, recording, registration, systemisation, storage, alteration, utilisation, query, transmission, publication, harmonisation or connection, blocking, deletion and destruction of data, prevention of the further utilisation of data, preparation of photographs and audio and image recordings and recording physical features suitable for identifying persons (e.g. finger or palm print, DNS sample, iris image);
Deletion of data: making data unrecognisable in such a manner that their recovery is not possible any more.
3. Use of the Website, data management
3.1. The Website is operated by the Data Manager. The Data Manager stipulates that using any Service available from the Website is subject to preliminary registration.
3.2. Using the Website operated by the Data Manager and the Service provided on the Website is conditioned upon the Affected Party previously reading and accepting the entire content of the present Regulations.
3.3. Data are managed based on the voluntary declaration of the Affected Party, such declaration being based on appropriate information and including the express consent of the Affected Party to the utilisation of his/her personal data communicated while using the Website. By granting the consent the Affected Party also acknowledges to have become familiar with and to be bound by the provisions and conditions of the Regulations.
3.4. The manager of the personal data recorded in the course of the registration and placing the order shall be the Data Manager. In case the Affected Party voluntarily submits any of his/her personal data to the Data Manager, doing so he/she gives his/her express consent that the Data Manager registers and manages such data for the purpose and the period of time determined by the nature of the given service.
3.5. Applying cookies
a) What is a cookie?
Cookies are such small data sent by a website, which, if accepted by the browser, are stored in the memory or in a small file. Cookies are the fundamental elements of the web technology, enabling the website to remember the user and to ensure rich functionality but they also have data protection concerns as they may serve to monitor visitors. Cookies operate between the browser and the website providing the cookie, so no third parties can read the content of the cookie. However, the website may cooperate with any third party providing cookies for the provision of visitors, statistics or other services.
b) The Data Manager uses the cookies for the following:
- collecting information about the use habits of the visitors of the Website in the course browsing in order to prepare anonymous statistics about the use habits. By this our aim is to forward information material to visitors in a more targeted manner to them;
- identifying visitors in order to enable the user e.g. to log in or to use the cart;
- recording the information on your individual preferences while you are browsing on the Website.
Many browsers provide options such as „private browsing” or „do not store history”, which enable the complete use of the websites having cookies without allowing long-term storage. Another frequent data protection possibility is deleting history manually, if necessary.
4. Purpose of Data Management
4.1. The purpose of data management is to ensure the provision of the Service available on the Website. In connection with its service activity the Data Manager shall manage the personal data of the registered Affected Parties exclusively for the following purposes: identification, concluding the contract, performing orders and the obligations related to invoicing, maintaining contact with the Affected Party and preparing statistics in order to develop the information system technologically and to protect the rights of users. The Data Manager shall only handle personal data essential for implementing and suitable for achieving the purpose of data management. The Data Manager shall only handle the personal data to the extent and for the period necessary for the implementation of the purpose. In each case when the Data Manager wishes to use the provided data for a purpose other than the purpose of the original registration, the Data Manager shall inform the Affected Party accordingly and obtain for this his/her preliminary consent and shall enable him/her to withdraw such consent subsequently anytime.
4.2. In the course of managing the data the Data Manager shall ensure that the Affected Party can only be identified for a period necessary for the purpose of the data management.
4.3. The Data Manager shall not forward any personal data managed by it to any third party without the consent of the Affected Party, with the exception of mandatory cases specified by any legal regulation or enforceable judicial or official decision.
4.4. The Data Manager shall protect his/her/its database with due diligence from any unauthorised intruder and shall ensure that the personal data cannot be accessed by any unauthorised person. In order to avoid any unauthorised utilisation of personal data and any misuse related thereto, the Data Manager shall ensure the existence of the data safety requirements specified under Section 7 of the Itv. The Service Provider obliges itself also to take the technical actions ensuring that the registered, stored and managed data are protected and shall do everything to prevent their destruction, unauthorised utilisation and unauthorised modification. The Affected Parties shall observe the provisions of the Regulations and shall proceed in good faith. At the same time, the Data Manager declares that it does not assume any liability for any damage of the database, phishing or any other damage resulting from any attack against or any unauthorised intrusion into the system.
4.5. The Data Manager shall not control the personal data provided to it. Exclusively the person providing the data shall be responsible for the appropriateness and trueness of such data. Upon providing his/her e-mail address, any Affected Party shall also assume liability that exclusively he/she will use the Service from the e-mail address provided.
5.1. In the course of registration the Affected Party shall provide true and complete information and shall modify the registration data in case of any change. The Data Manager shall attach to the order the data valid at the moment of submission.
5.2. In the course of registration and placing the order it is mandatory for the Affected Parties to provide the following personal data when filling the data entry fields: name, residential address (country, postal code, city and type, name and number of public area), invoice address (if different from residential address), e-mail address and telephone number. In the absence of the above the Service offered on the Website cannot be used.
5.3. In case the data provided by the Affected Party is false, incomplete or inaccurate or if the conditions of the present Regulations or the relevant legal regulations are violated, the Data Manager shall be entitled to partly or completely suspend or to terminate the accessibility of the Website for the Affected Party.
5.4. The system does not store the data of fields left off or filled completely after having left the Website anywhere.
6. Information on and modification and deletion of data
6.1. The Affected Party may initiate being given information on his/her personal data at the Data Manager electronically. The Data Manager shall provide, in a form easy to understand, the information on the data managed by it and the purpose, legal basis and duration of the data management within the shortest possible time from the submission of the application but not later than within 10 days.
6.2. The Affected Party shall be entitled to modify and delete his/her data in his/her own personal profile.
6.3. The Data Manager shall store the personal data until the Affected Party deletes them. In case of deletion the Data Manager shall make the data provided earlier unrecognisable within eight days in such a manner that they cannot be recovered any more. Deletion shall not apply to the data management obligations existing based on any legal regulation (e.g. regulation on accounting) and the Service Provider shall preserve such data for the necessary period of time.
7. Final provisions
7.1. In respect of the provisions included in the Regulations the provisons of the Hungarian law shall prevail. Should arise any dispute the parties cannot settle amicably out of court, such dispute shall be settled before the Hungarian courts having the appropriate scope of authority and jurisdiction.
7.2. The Data Manager reserves the right to change the present Regulations within the framework of the relevant legal regulations anytime. In case of any change the Data Manager shall publish the actually effective wording on the Website.
7.3. Should you have any question or observation in connection with the Data Protection Declaration, please write an e-mail to: email@example.com.
7.4. Based on the Itv. and the [Hungarian] Civil Code (Act V of 2013), the Affected Party can enforce his/her rights before a court and can turn to the National Authority for Data Protection and Freedom of Information (NAIH, 1125 Budapest, Szilágyi Erzsébet fasor 22/C) in case of any claim having arisen in connection with the data management practice of the Data Manager.
7.5. In case the Affected Party has provided the data of any third party in the course of the registration for using the service, or has caused any damage while using the Website, the Service Provider shall be entitled to enforce an indemnification claim against the User. In such cases the Service Provider shall do the best it can to help the proceeding authorities in order to identify the person violating the law.