Privacy policy
Introduction
Supreme Pharmatech Hungary Kft. (headquarters: 1082 Budapest, Corvin sétány 1/A 8. floor. 4., company registration number: 01-09-382870) (hereinafter referred to as the "Service Provider", "Data Controller") is governed by the following Privacy Policy.
The present Privacy Policy is continuously available on the following website: axelpharmatech.shop
Any amendments to this Privacy Policy shall enter into force upon publication at the above address.
Legal basis for data processing: data processing is based on the consent of the data subject and on the following legal provisions: Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (hereinafter referred to as "Elker tv.") 13/A. § (3).
The data subjects are: all Users registered on the webshop website operated by the Service Provider.
The data processed are: the password provided by the Customer, the first and last name of the contact person, e-mail address, telephone number, delivery address and name, billing name and address (in the case of legal entities: company name, tax number, payment method, comment), date of registration, IP address at the time of registration.
Data subjects: all Users registered on the webshop website.
Purpose of data processing: full use of the website operated by the Service Provider, e.g. creation of a contract for the provision of services, purchase, definition of its content, modification, monitoring of its performance, invoicing of the fees arising from it, as well as the enforcement of claims related to it. With the specific consent of the User, the Service Provider may process the personal data of Users as defined above for the purpose of sending newsletters or other direct marketing mailings.
Duration of processing, deadline for deletion of data. However, the Service Provider informs the users that in case of withdrawal of consent, the use of the website cannot be provided and therefore it is considered as cancellation of the registration.
The Service Provider informs the users that, pursuant to paragraph 169 (2) of Act C of 2000 on Accounting, accounting documents must be kept for 8 years, which is also considered the mandatory retention period of the data contained therein. In addition to the above, the Service Provider shall keep the data specified above for as long as required by the applicable legislation.
Possible data controllers entitled to access the data.
Description of data subjects' rights in relation to data processing.
The data subject may request the deletion or modification of personal data in the following ways:
- by post to 1082 Budapest, Corvin sétány 1/A 8. floor. 4.
- by e-mail at [email protected]
Other principles followed by the Service Provider in connection with the operation of the webshop in accordance with the applicable legislation (non-exclusive list):
- The Service Provider may process personal data that are technically necessary for the provision of the service. The Service Provider must, other things being equal, choose and in any case operate the means used to provide the information society service in such a way that personal data are processed only when strictly necessary for the provision of the service and for the fulfilment of the other purposes laid down in this Law, but even then only to the extent and for the duration necessary.
- The Service Provider may, for the purpose of invoicing the fees resulting from a contract for the provision of an information society service, process natural person identification data, address, and data relating to the time, duration and place of use of the information society service.
- The Service Provider may process data relating to the use of the service for any other purposes, in particular to improve the effectiveness of its service, to deliver electronic advertising or other targeted content to the recipient, to conduct market research, only with the prior specification of the purpose of the processing and with the consent of the recipient.
Deletion of data: the Service Provider shall delete the processed data in the event of the non-conclusion of the contract, the termination of the contract and after invoicing (except in the case of mandatory data retention required by law). The Service Provider shall also delete the data if the purpose of the processing ceases to exist or if the user so requests. Unless otherwise provided by law, the deletion shall be carried out without undue delay.
The service provider must ensure that the user can find out at any time before and during the use of the information society service which types of data are processed by the service provider for which data processing purposes, including the processing of data that cannot be directly linked to the user.
Management of cookies
Cookies specific to webshops are so-called "password-protected session cookies", "shopping cart cookies" and "security cookies", the use of which does not require the prior consent of the data subject.
Legal basis for processing: processing is based on the data subject's consent. The consent of the data subject is not required where the sole purpose of the use of cookies is to provide a communication over an electronic communications network or where the use of cookies is strictly necessary for the provision of an information society service explicitly requested by the subscriber or user.
The fact of processing, scope of the data processed: unique identifier, dates and times related to the use of the website.
Data subjects .
Purpose of data processing: identification of users, registration of the "shopping basket" and tracking of visitors.
Duration of data processing, time limit for deletion of data: the duration of data processing in the case of session cookies is until the end of the visit to the websites.
Potential data controllers: personal data may be processed by the controller's staff or, in the case of a separate written processing contract, by subcontractors engaged by the controller, in compliance with the data protection legislation in force at the time.
Description of the data subjects' rights in relation to data processing.
Identity of the data controllers who may access the data: personal data may be processed by the controller's staff or, in the case of a separate written processing contract, by subcontractors engaged by the controller, in compliance with the data protection legislation in force at the time. The Service Provider measures the traffic data of the webshop by using the Google Analytics service. Data is transmitted when using this service. The data transmitted cannot be used to identify the data subject. For more information about the data protection principles of Google, please click here: http://www.google.hu/policies/privacy/ads/
Newsletter, DM activity
Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activity, No. 5. (1) a) of the Info Act, the User may expressly consent in advance to the Service Provider contacting him with advertising offers and other mailings at the contact details provided at the time of registration, and to the Service Provider processing his personal data for the purpose of sending advertising offers. In this case, the Service Provider will immediately delete all personal data necessary for sending advertising messages from its records and will not contact the User with further advertising offers. The User can unsubscribe from the advertising by clicking on the link in the message.
The fact of data processing, the scope of data processed: name, e-mail address, date, time.
Data subjects: all data subjects who subscribe to the newsletter.
Purpose of the processing: to send electronic messages containing advertising to the data subject, to provide information on current information, products, promotions, new features, etc.
Duration of the processing, deadline for deletion of data: processing until the consent is withdrawn, i.e. until the unsubscription.
Possible data controllers: personal data may be processed by the controller's staff or, in the case of a separate written processing contract, by subcontractors engaged by the controller, in compliance with the data protection legislation in force.
Description of data subjects' rights in relation to data processing. The Service Provider, as the data controller, shall provide the information requested by the customer in writing and in an intelligible form within the shortest possible time from the date of the request for information, but not later than 30 days. If you have any questions or doubts about the data processed by the Service Provider or if you wish to obtain clarification about your data, you may do so by sending an e-mail to [email protected]. For a detailed explanation of the rights of data subjects in relation to the processing of their personal data and their means of redress, please refer to the chapters on Data Subject Rights and Redress. The advertiser, the advertising service provider or the advertisement publisher shall keep a record of the personal data of the persons who have given their consent within the scope of the consent. 5. (1) a), and paragraph 13/A. (3) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.
The fact of processing, the scope of the data processed.
Purpose of data processing: to provide the functions of the website.
Duration of data processing, time limit for deletion of data: data processing lasts until the withdrawal of the data subject's consent.
Potential data controllers who may access the data: personal data may be processed as data processors by the following, in compliance with the applicable legislation. Parcels are delivered by GLS Courier Service: Tel: (+36 29) 886 700, Mobile: (+36 20) 890-0660, Opening hours: 7:00-20:00 on working days, [email protected]
Data protection rules: https://gls-group.eu/HU/hu/altalanos-uzleti-feltetelek
Description of data subjects' rights in relation to data processing. The Service Provider, as the data controller, shall provide the information requested by the customer in writing and in an intelligible form within the shortest possible time from the date of the request for information, but not later than 30 days. If you have any questions or doubts about the data processed by the Service Provider or if you wish to obtain clarification about your data, you can do so by sending an e-mail to [email protected]. For a detailed explanation of the rights of data subjects in relation to the processing of data and their legal remedies, please refer to the chapters on the Rights of Data Subjects and Legal Remedies.
5. (1) a), and paragraph 13/A. (3) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.
(E) Data security
The controller shall design and implement data processing operations in such a way as to ensure the protection of the privacy of data subjects. The data controller or the data processor in the scope of his/her activities shall ensure the security of the data, and shall take the technical and organisational measures and establish the procedural rules necessary to enforce the Info Act and other data protection and confidentiality rules. Data must be protected by appropriate measures, in particular against unauthorised access, alteration, transmission, disclosure, deletion or destruction, accidental destruction or damage, and against inaccessibility resulting from changes in the technology used. In order to protect the electronically managed data files in the various registers, appropriate technical arrangements should be in place to ensure that data stored in the registers cannot be directly linked and attributed to the data subject, except where permitted by law.
Additional measures should be taken by the controller and the processor to ensure the following when personal data are processed by automated means:
- preventing unauthorised data input;
- preventing the use of automated data processing systems by unauthorised persons by means of data transmission equipment;
- verifiability and ascertainability of the bodies to which personal data have been or may be transmitted by means of data transmission equipment;
- the verifiability and ascertainability of which personal data have been introduced into automated data processing systems, when and by whom;
- the recoverability of the installed systems in the event of a malfunction and
- the reporting of errors in automated processing.
The controller and the processor shall take into account the state of the art when defining and implementing data security measures. Among several possible data processing solutions, the one which ensures a higher level of protection of personal data should be chosen, unless this would impose a disproportionate burden on the controller.
Data subjects' rights in relation to all processing
The data subject may request the Service Provider to provide information on the processing of his or her personal data, request the rectification of his or her personal data and request the erasure or blocking of his or her personal data, except for mandatory processing. At the request of the data subject, the controller shall provide information on the data of the data subject processed by the controller or by a processor to whom the data subject has delegated the processing, on the source of the data, the purposes, legal basis and duration of the processing, the name and address of the processor and the activities of the processor in relation to the processing, and, in the case of the transfer of the data subject's personal data, the legal basis and the recipient of the transfer. For the purposes of monitoring the lawfulness of the transfer and informing the data subject, the controller shall keep a record of the transfer, including the date of the transfer of personal data processed by the controller, the legal basis and the recipient of the transfer, the scope of the personal data transferred and other information specified in the law providing for the processing. The controller shall provide the information in writing in an intelligible form, at the request of the data subject, as soon as possible after the request, but not later than 30 days after the request. The information shall be provided free of charge. At the request of the User, the Service Provider shall provide information on the data processed by it, their source, the purpose, legal basis and duration of the processing, the name and address of any data processor and its activities in relation to the processing, and, in the case of the transfer of personal data of the data subject, the legal basis and the recipient of the transfer. 
The service provider shall provide the information in writing and in an intelligible form within the shortest possible time from the date of the request, but not later than 30 days. The information shall be provided free of charge. If the personal data is not accurate and the accurate personal data is available to the data controller, the Service Provider shall rectify the personal data. Instead of deleting the personal data, the Service Provider shall block the personal data if the User so requests or if, on the basis of the information available to it, it is likely that deletion would harm the legitimate interests of the User. Blocked personal data may be processed only for as long as the processing purpose that precluded the deletion of the personal data persists. Service Provider shall delete personal data if its processing is unlawful, the User requests it, the processed data is incomplete or incorrect - and this situation cannot be lawfully remedied - provided that the deletion is not excluded by law, the purpose of the processing has ceased, or the statutory period for storing the data has expired, or the court or the National Authority for Data Protection and Freedom of Information has ordered it. The controller shall mark the personal data that it processes if the data subject contests the accuracy or correctness of the personal data, but the inaccuracy or incorrectness of the contested personal data cannot be clearly established. The rectification, blocking, flagging and erasure shall be notified to the data subject and to all those to whom the data were previously disclosed for processing. Notification may be omitted if this does not harm the legitimate interests of the data subject having regard to the purposes of the processing. 
If the controller does not comply with the data subject's request for rectification, blocking or erasure, it shall, within 30 days of receipt of the request, provide in writing the factual and legal reasons for refusing the request for rectification, blocking or erasure. In the event of refusal of a request for rectification, erasure or blocking, the controller shall inform the data subject of the possibility of judicial remedy and of recourse to the Authority. The data subject shall have the right to obtain the personal data relating to him or her which he or she has provided to the controller in a structured, commonly used, machine-readable form and to transmit those data to another controller without hindrance by the controller, provided that the processing is carried out by automated means.
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless (i) it is necessary for entering into, or the performance of, a contract between the data subject and the controller, (ii) it is permitted by Union or Hungarian law, subject to the establishment of appropriate safeguards, or (iii) the data subject has given his or her explicit consent.
Remedies
User may object to the processing of his/her personal data if
a) the processing or transfer of personal data is necessary for the fulfilment of a legal obligation to which the Service Provider is subject or for the purposes of the legitimate interests pursued by the Service Provider, the data recipient or a third party, unless the processing is required by law;
b) the personal data is used or transferred for direct marketing, public opinion polling or scientific research purposes;
c) in other cases provided for by law.
The Service Provider shall examine the objection within the shortest possible period of time from the date of the request, but not later than 15 days, and shall decide whether the objection is justified and inform the applicant in writing of its decision. If the Service Provider establishes that the objection of the data subject is justified, it shall terminate the processing, including further recording and transmission of the data, and block the data, and shall notify the objection and the measures taken on the basis of the objection to all those to whom it has previously transmitted the personal data concerned by the objection and who are obliged to take action to enforce the right to object.
If the User does not agree with the decision of the Service Provider, the User may appeal against it to a court within 30 days of its notification. The court shall act out of turn.
Complaints against possible infringements by the data controller may be lodged with the National Authority for Data Protection and Freedom of Information:
National Authority for Data Protection and Freedom of Information
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, P.O. Box 5.
Phone: +36-1-391-1400 Fax: +36-1-391-1410
E-mail: [email protected]
Court action
The controller is obliged to prove that the processing is in compliance with the law. It is for the recipient to prove the lawfulness of the transfer. The court has jurisdiction to hear the case. The action may also be brought, at the option of the data subject, before the courts for the place where the data subject resides or is domiciled. A person who does not otherwise have legal capacity may be a party to the action. The Authority may intervene in the proceedings in order to ensure that the person concerned is successful. If the court grants the request, the controller is obliged to provide the information, rectify, block, erase the data, annul the decision taken by automated processing, take into account the data subject's right to object or disclose the data requested by the data subject. If the court rejects the data subject's request, the controller is obliged to erase the data subject's personal data within 3 days of the judgment. The controller shall also be obliged to delete the data if the data subject does not apply to the court within the time limit. The court may order the publication of its judgment, with the publication of the controller's identification data, if the interests of data protection and the protected rights of a larger number of data subjects so require.
Compensation
The controller must compensate any damage caused to another party by unlawful processing of the data subject's data or by a breach of data security requirements. The controller is also liable to the data subject for damage caused by the processor. The controller shall be exempted from liability if he proves that the damage was caused by an unavoidable cause outside the scope of the processing. No compensation shall be payable in so far as the damage was caused by the intentional or grossly negligent conduct of the injured party.
Relevant legislation
- Act on the Right of Informational Self-Determination and Freedom of Information (hereinafter referred to as "Infotv.")
- Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (in particular Act 13/A. -a)
- Act XLVII of 2008 - on the prohibition of unfair commercial practices against consumers;
- Act XLVIII of 2008 - on the basic conditions and certain restrictions of economic advertising activities (in particular Act No.-a)
- Act XC of 2005 on Freedom of Electronic Information
- Act C of 2003 on Electronic Communications (specifically Act No 155. -a)
- Opinion No 16/2011 on the EASA/IAB Recommendation on Best Practices for Behavioural Online Advertising