Privacy Policy
Effective: 14.09.2024.
When you visit www.unito.shop, your personal data is processed and used. Your personal data
will be processed in a secure and reliable manner and in accordance with the following laws
and regulations as described in this notice.
The data processing is governed by Act CXII of 2011 on the Right to Informational Self-
Determination and Freedom of Information (hereinafter: Info tv.)
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April
2016 on the protection of natural persons with regard to the processing of personal data
and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC
(GDPR),
Act XLVIII of 2008 - the provisions of the Act on the Basic Conditions and Certain
Restrictions of Economic Advertising Activity (Act XLVIII of 2008),
Act V of 2013 - the provisions of the Civil Code Act,
Act CVIII of 2001 - Act on certain aspects of electronic commerce services and
information society services,
Act XLVII of 2008 - Act on the Prohibition of Unfair Commercial Practices against
Consumers,
Act XC of 2005 on the Freedom of Electronic Information Act.
National Authority for Data Protection and Freedom of Information recommendation
and prior information on their data protection requirements.
General information
Name of the service provider as data controller
Name: Vitis Vinifera Kft. (hereinafter referred to as the "Service Provider" or "Data Controller")
Head office: 3527 Miskolc, Besenyői út 8.
Address for correspondence: 3527 Miskolc, Besenyői út 8.
email address: growth@unito.shop
2. Order from our online store
When you as a Customer (hereinafter referred to as: you, the Customer, or the Data Subject)
place an order with us, the personal data you provide will be collected, processed and used
within the framework of the applicable data protection laws in force. The information requested
from the Customer, which is necessary for the performance of the service requested by the
Customer, will be included as a mandatory field on the order or registration form, the provision
of other data is voluntary. For the conclusion and performance of contracts, we may need
contact information such as name, shipping and billing address, and information about the
payment method chosen by the Customer, depending on the specific case. In addition, we also
use the Customer's details to update our customer database so that only relevant data is stored
in the database. To avoid typing errors and to ensure that the goods ordered by the Customer
are delivered, the address entered is checked for completeness and accuracy
3. Definition of personal data
3.1. Personal data
During registration, the Data Subject is required to provide the following personal data:
name, (username)
e-mail address,
password,
billing address (billing name, street name, house number, municipality, postal code),
delivery address (delivery name, street name, house number, municipality, postal
code),phone number
Personal Data means data that can be associated with the Data Subject, in particular the
name, any identifier (e.g. tax identification number) and information specific to one or more of
his or her physical, physiological, mental, economic, cultural or social identities, and any
inference that can be drawn from the data concerning the Data Subject. In addition to the
registered user's name, address, telephone number, e-mail address and tax identification
number (tax identification number), during each visit to our website, additional data is
automatically collected for technical reasons, such as. For example, the IP address assigned to
your computer by your internet service provider to connect to the internet or information about
the internet site from which you have visited our offer, but also the browser settings used by you
(technical information). This technical material may in some cases constitute personal data.
However, as a general rule, we will only use this technical data to the extent that is technically
necessary for the operation of our website and to protect it against attacks and misuse.
3.2. Use of the Data Subject's personal data
Personal data may only be processed for specified purposes, for the exercise of rights and the
performance of obligations. Only personal data that is indispensable for the purpose of the
processing and is suitable for the achievement of that purpose may be processed. Personal
data may only be processed to the extent and for the duration necessary to achieve the
purpose. Personal data may be processed only if the data subject consents to it, or if it is
ordered by law or, on the basis of a statutory authorisation, by a local government decree within
the scope specified therein, for a purpose in the public interest. Within the limits of the law, we
collect, process and use the Data Subject's personal data in particular when he/she visits the
unito.shop website, when he/she registers or logs in with a user ID or when he/she orders
products from us. We only use your data in accordance with the applicable legal requirements
and this Privacy Policy and with your consent.
Identity of potential controllers of the data, recipients of personal data: personal data may be
processed by the Controller's staff, in compliance with the above principles.
3.3. Personal data and purpose of processing
Password: is used for secure access to the user account.
Surname and first name: required for contacting you, making a purchase and issuing a proper
invoice.username: used to identify you when you log in to your user account.
E-mail address: contact.
Telephone number: to contact you, to discuss billing or delivery issues more efficiently.
Invoicing name and address: to issue an invoice in accordance with the rules and to create,
define the content of, amend, monitor the performance of, invoice the fees arising from and
enforce claims relating to the contract.
Delivery name and address: to allow home delivery.
Date of purchase/registration: execution of a technical operation.
IP address at the time of purchase/registration: performing a technical operation
The legal basis for processing is Article 6 (1) (c) GDPR and Article 17/A (7) of Act CLV of 1997
on Consumer Protection.
The data subject may initiate the access to, deletion, modification or restriction of processing of
personal data, data portability and objection to processing in the following ways:
By post: 3527 Miskolc, Besenyői út 8.
By e-mail: growth@unito.shop.
4. Technical data
Data that are technically recorded during the operation of the system: the data of the logged-in
person's computer that are generated during the use of the service and that are recorded by the
Service Provider's system as an automatic result of technical processes. The automatically
recorded data are automatically logged by the system at the time of login or logout, without any
specific declaration or action by the Data Subject. These data may not be linked to other
personal user data, except in cases required by law. The data may only be accessed by the
Service Provider.
When the Data Subject visits the website of unito.shop, the following data is usually stored in
so-called log files for technical reasons:
the IP address of the connected computer,
the website from which you are visiting us (referring site)
the time and duration of your visit to our websites,
the type and settings of your browser,
your operating system
As a technical precaution, data is stored for up to 30 days to protect it from unauthorised
access by our data processing system.
Duration of processing
The processing of personal data provided during registration starts with registration and
continues until its deletion upon request. In the case of non-mandatory data, the processing
lasts from the moment the data is provided until its deletion upon request.
The controller shall inform the Data Subject by electronic means of the erasure of any personal
data provided by the Data Subject pursuant to Article 19 of the GDPR. If the data subject's
request for erasure also includes the e-mail address provided by him or her, the controller shall
also erase the e-mail address after the information, except in the case of accounting records,
since pursuant to Article 169 (2) of Act C of 2000 on Accounting, such data must be kept for 8
years.
Logged data is stored for 6 months from the date of logging, except for the date of the last visit,
which is automatically overwritten.
The above provisions do not affect the fulfilment of legal (e.g. accounting) retention obligations,
nor the processing of data on the basis of additional consents given during registration on the
Website or otherwise.
In the case of a newsletter, the processing of personal data lasts until you unsubscribe from the
newsletter.
6. Delete or edit profiles
The Customer may request the cancellation of the registration or the modification of his/her
data at any time by e-mail to info@unito.shop or in writing to the postal address at 3527
Miskolc, Besenyűi út 8., or the Data Subject may cancel the registration at any time by clicking
on the "Delete profile" button in the "Data modification" menu. However, the Data Controller
may not delete data which it is legally obliged to keep.
7. Responsibility, safety
The Controller does not verify the personal data provided to it. The person providing the data is
solely responsible for the correctness of the data. Any Customer who provides an e-mail
address is also responsible for ensuring that he/she is the only person who uses the e-mail
address provided. With regard to this assumption of responsibility, any liability for accessing
the service from a given e-mail address shall be borne solely by the Customer who registered
the e-mail address.
By using the Website, the Customer undertakes that the content, data and information provided
by the Customer and displayed on the Website do not violate the rights or legitimate interests of
third parties and the Data Controller.
The Data Controller shall, in the above cases, provide all reasonable assistance to the
competent authorities for the purpose of establishing the identity of the offending person.
In the above cases and in the event of non-compliance with the GTC, the Data Controller shall
be entitled to cancel the Customer's registration or subscription to the newsletter; in this case,
the Data Controller shall not be liable for any damages incurred by the Customer as a result of
the cancellation and shall inform the Customer of the cancellation at the same time.
The controller and the processor shall implement appropriate technical and organisational
measures, taking into account the state of the art and the cost of implementation, the nature,
scope, context and purposes of the processing and the varying degrees of probability and
severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of
data security appropriate to the level of risk, including, where appropriate: ensuring the
continued confidentiality, integrity, availability and resilience of the systems and services used
to process personal data; the ability to restore access to and availability of personal data in the
event of a physical or technical incident in a timely manner; and a procedure for regularly
testing, assessing and evaluating the effectiveness of the technical and organisational
measures taken to ensure the security of processing.
The Controller processes the personal data of Data Subjects in a traceable manner and in
accordance with the law. In addition to the above, personal data will only be transferred to third
parties with the consent of the Data Subject and will only be disclosed in the event of a request
from a public authority.
If you have any questions or concerns about the use of our services by the data controller, you
can contact the data controller using the methods provided on the website. The data controller
will delete the data provided in the e-mails and messages received, together with the name and
e-mail address of the interested party and any other personal data voluntarily provided, after a
maximum of 2 years from the date of the communication.
If you have any questions or would like to exercise any of your rights under the law, please send
an e-mail to info@unito.shop or in writing to the postal address at 3527 Miskolc, Besenyői út 8.
8. Data transfers, data processing, our contractual partners:
The Data Controller may transfer the Data Subject's data (name, billing or delivery address,
telephone number, e-mail address, tax number) to the following partners (recipients):
8.1.
To Framer B.V. Rozengracht 207, 1016 LZ, Amsterdam as hosting provider and operator.
Purpose of the transfer: data processing (e.g. processing your order, making the website
available).
Fact of processing, scope of data processed: all personal data provided by the data subject.
Duration of processing, deadline for deletion of data: until the termination of the agreement
between the data controller and the hosting provider or until the data subject's request for
deletion to the hosting provider.
The legal basis for the processing of the data is Article 6 (1) (c) and (f) and Article 13/A (3) of Act
CVIII of 2001 on certain aspects of electronic commerce services and information society
services
Rights of the data subject:
be informed about the circumstances of the processing,
have the right to receive feedback from the controller on the processing
of their personal data and to have access to all information relating to the
processing.is entitled to receive your personal data in a structured, commonly used,
machine-readable format.have the right to have inaccurate personal data corrected by the
controller without undue delay at his or her request
8.2.
If you do not choose personal delivery as the method of receipt of the product, the data required
for delivery will be transmitted to one of the following service providers of your choice,
according to the delivery method you have chosen: your name, billing or delivery address, e-
mail address, telephone number, tax number:
GLS General Logistics Systems Hungary Csomag-Logisztikai Kft., (Cg.13-09-111755,
registered office: 2351 Alsónémedi, GLS Európa utca 2.), and
MPL Magyar Posta Zártkörűűen Működő Részvénytársaság Registered office: Budapest,
1138 Budapest, Dunavirág utca 2-6. Postal address: Budapest 1540, Company registration
number: 01-10-042463, Tax number: 10901232-4-44, for our contractual partner
The purpose of the data transfer is to enable the delivery of the ordered product to the delivery
address you have specified.
The fact of processing, the data processed: your name, delivery address, billing address,
telephone number, e-mail address, tax number.
Duration of processing, deadline for deletion of data: until the delivery is completed.
Legal basis for processing: article 6(1)(b) GDPR.
As regards delivery information, in order to ensure faster and more accurate delivery, we
consider it important to point out that we can only deliver to the delivery address you have
provided, regardless of whether it has changed in the meantime or has not been correctly
recorded during the purchase process in our online store.
8.3.
If you choose to pay by credit card, your personal data will be transmitted: name, address
(billing address, delivery address), e-mail address, telephone number, tax number:
Stripe (The One Buildnig, Grand Canal Street, Lower Dublin Ireland) as the operator of the
Stripe system.
The purpose of the data transfer is to ensure the online flow of funds through the Stripe System
and its secure processing.
The fact of processing, the data processed: name, address (billing address, delivery address),
e-mail address, telephone number, tax number.
Duration of processing, deadline for deletion of data: until the online payment is completed.
Legal basis for processing: article 6(1)(b) GDPR. The processing is necessary for the purposes
of online payment at the request of the data subject.
Rights of the data subject:
be informed about the circumstances of the processing,
have the right to receive feedback from the controller on the processing
of their personal data and to have access to all information relating to the
processing.is entitled to receive your personal data in a structured, commonly used,
machine-readable format.have the right to have inaccurate personal data corrected by the
controller without undue delay at his or her request.
8.4.
The Data Controller's billing software is used by Billingo Technologies Zártkörűen Működő
Részvénytársaság, registered under company number Cg.01-10-140802 (1133 Budapest,
Árbóc utca 6.; tax number: 27926309-2-41), which is used for the purpose of issuing a strictly
invoiced receipt (invoice), which is necessary to fulfil our obligations under the Accounting Act.
The purpose of the transmission is to issue a strict accounting voucher.
The fact of processing, the data processed: name, address (billing address, delivery address),
e-mail address, telephone number, tax number.
Duration of data processing, deadline for deletion of data: the period of 8 years provided for in
the Accounting Act.
Legal basis for processing: article 6(1)(f) GDPR.
8.5.
The data transfer is for marketing purposes: newsletter management, Google AdWords ads
management. Performed by the Data Controller.
8.6.
The newsletter manager:
The Data Controller shall.
The transmission of data is for marketing purposes.
8.7.
Facebook ads management:
The Data Controller shall.
The transmission of data is for marketing purposes.
The data provided to our partners under 8.5, 8.6, 8.7 are considered personal data:
Név, e-mail cím. Célja: Azonosítás, a hírlevélre való feliratkozás lehetővé tétele.
Name, e-mail address. Purpose: Identification, to enable subscription to the newsletter.
Date of subscription, Purpose: To perform a technical operation.
The IP address at the time of subscription. Purpose: To perform a technical operation.
Duration of data processing, deadline for deletion of data for our partners under 8.5, 8.6, 8.7:
Data processing lasts until the termination of the agreement between the Data Controller and
the contractual partners or until the data subject's request for deletion to the hosting provider
9. Marketing tools
9.1.
Social media
Fact of data collection, scope of data processed: name registered on
Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. social networking sites, and
public profile picture of the user.
Data subjects: all data subjects who have registered on Facebook/Pinterest/Instagram etc. and
have "liked" the website.
Purpose of the data collection: to share or "like" certain content, products, promotions or the
website itself on social networking sites.
Duration of data processing, time limit for deletion of data, the identity of the possible
controllers entitled to access the data and the rights of the data subjects in relation to data
processing: the data subject can find out about the source of the data, the processing of the
data and the method and legal basis of the transfer on the relevant Community site. The data
are processed on the social networking sites, so the duration of the processing, the way in
which the data are processed and the possibilities for deleting and modifying the data are
governed by the rules of the social networking site concerned.
Legal basis for processing: the data subject's voluntary consent to the processing of his or her
personal data on social networking sites.
9.2.
Data processing related to newsletter, unsubscribe letter
The Newsletter will be published up to weekly, with targeted marketing messages from the
Data Controller. It will be sent to the e-mail address you have provided, with your prior and
explicit consent, either when you subscribe to the newsletter of the Data Controller or when you
provide the data to participate in one of the competitions or promotions of unito.shop or when
you register for an online competition, by expressly accepting the terms and conditions
described therein. By giving your prior consent, you expressly agree to receive targeted
marketing messages.
On the Website, the Data Controller allows Customers to subscribe to the newsletter
independently of registration by clicking on "subscribe" under the basket/newsletter menu.
The Customer may unsubscribe from receiving newsletters at any time, free of charge, without
restriction and without giving any reason. This can be done by sending an e-mail to the Data
Controller at info@unito.shop or by clicking on the "unsubscribe" link at the bottom of the
newsletters. In this case, the Data Controller will delete all personal data of the Customer
necessary for sending the newsletters from its records and will not contact the Customer with
further newsletters and offers. It is also possible to modify your data by clicking on the "modify
my data" link at the bottom of the newsletters.
The fact of data collection, the scope of the data processed and the purpose of the processing:
personal data
Purpose of data processing
Name, e-mail address: identification, to enable subscription to the newsletter.
Date of subscription: technical operation performed.
IP address at the time of subscription: performing a technical operation.
Data subjects: all data subjects who subscribe to the newsletter.
Purpose of the processing: sending electronic messages containing advertising to the data
subject, providing information on current information, products, promotions, new features, etc.
Duration of data processing, deadline for deletion of data: data processing lasts until the
consent is withdrawn, i.e. until unsubscription.
Notifications for information purposes that are essential for the performance of the contract and
the operation of the Data Controller, such as information about services or fee packages (e.g.
order confirmation, contract documents, payment processing), cannot be disabled. These
notifications will be sent to the destination you have specified.
9.3.
Use of cookies
We use cookies on our websites. Cookies are text files that allow us to provide you with the best
possible experience when you visit our website. This includes, for example, the default setting
parameters for displaying the shopping basket function. The cookie contains a clear
letter/number combination that identifies the browser you are using. These cookies are only
stored temporarily on your computer and are only transferred to our server when you visit our
website. We mainly use one-time activity cookies, which are not stored on your hard drive and
are deleted immediately when you close your browser or if you do not use the website for a
certain period of time.
You can view and delete the cookies
stored on your computer and control how they are used through your web browser settings.
You can get more information about this from the manufacturer or via your web browser's help.
Please note that the functions of the Data Controller are limited or unavailable if you disable the
use of cookies.
The "Help" function in the menu bar of most browsers provides information on how to use the
browser to
how to disable cookies,
how to accept new cookies, or
how to instruct your browser to set a new cookie, or
how to turn off other cookies.
Fact of processing, scope of data processed: unique identifier, dates, times
Data subjects: all data subjects visiting the website.
Purpose of data processing: to identify users, to register the "shopping cart" and to track
visitors.
Duration of data processing, time limit for deletion of data: from 1 hour to 40 years, depending
on the type of cookie.
9.4.
Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc.
("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to
help the website analyze how users use the site. The information generated by the cookie
about your visit to this website is usually transmitted to and stored by Google on servers in the
United States. Google will shorten your IP address, but only in the member states of the
European Union or other countries of the Agreement on the European Economic Area. Only in
exceptional cases will the full IP address be sent to a Google server in the United States and
shortened there. On behalf of the website operator, Google will use this information to evaluate
your use of the website, compile reports on website activity for website operators and provide
website operators with other services relating to website activity and internet usage. Google will
not associate the IP address transmitted by your browser with any other Google data. You may
refuse the use of cookies by selecting the appropriate settings on your browser. You can also
prevent the collection and use of data (cookies and IP address) by Google by downloading and
installing the browser plug-in available at the following link:
http://tools.google.com/dlpage/gaoptout?hl=de
Instead of the plug-in or on browsers of mobile devices, click on this link to install a blocking
cookie, which will prevent the collection of data by Google Analytics on this website. The block
will remain in place until you delete the cookie. Once the cookie has been deleted, all you need
to do is click on the link again. For more information about the terms of use and privacy policy of
Google Analytics, please see the following pages:
https://www.google.com/analytics/terms/us.html
https://www.google.de/intl/en-GB/policies/
9.5.
Google AdWords remarketing
During visits to our site, one or more cookies - small files containing a series of characters - are
sent to the visitor's computer, which will allow the visitor's browser to be uniquely identified.
These cookies are provided by Google and are used through the Google Adwords system.
These cookies are only sent to the visitor's computer when visiting certain sub-pages, i.e. they
only store the fact and time of the visit to the sub-page in question and no other information.
Third-party service providers, including Google, use these cookies to store if the user has
previously visited the advertiser's website and, based on this, to display advertisements to the
user on the websites of partners of third-party service providers, including Google. Users can
opt out of Google cookies by going to the Google ads opt-out page. (You can also indicate to
users that you can opt out of cookies from third-party service providers by going to the Network
Advertising Initiative opt-out page.)
If you do not wish to participate in conversion tracking, you can opt-out by disabling the option
to set cookies in your browser. You will then not be included in the conversion tracking
statistics.
Information and Google's privacy statement are available at:
www.google.de/policies/privacy/
9.6.
Links to other companies' websites
The Data Controller may include links to other companies' websites. We are not responsible
for the privacy practices of external websites that you visit through such links. Please refer to
the privacy policies of these external websites.
Rights of data subjects
The data subject may request the controller to access, rectify, erase or restrict the processing
of personal data relating to him or her and object to the processing of such personal data, and
the data subject shall have the right to data portability and to withdraw consent at any time.
10.1. Right to information, right of access
Customers can request information
about the processing of their personal data from the Data Controller at any time in writing by
sending an e-mail to info@unito.shop, and - with the exception of the e-mail address provided
during registration - they can modify them at any time under the "data modification" menu.
Information requests sent by e-mail are considered authentic by the Data Controller only if they
are sent from the registered e-mail address of the Customer.
If the Customer so requests, the Data Controller shall provide information about the data
concerning the Customer and the data processed by the Data Controller, the purpose, legal
basis and duration of the processing, as well as who is or has been receiving the data and for
what purpose, unless there is a legal impediment to this.
If the Service Provider has an internal data protection officer, the Service Provider shall,
through the internal data protection officer, keep a register for the purpose of monitoring the
measures taken in connection with the data breach and informing the Data Subject, which shall
contain the scope of the Data Subject's personal data, the scope and number of Data Subjects
affected by the data breach, the date, circumstances, effects and measures taken to remedy
the data breach, as well as other data specified in the legislation requiring data processing.
10.2. Correction, deletion, blocking of data
The Customer has the right to request the correction or deletion of incorrectly recorded data at
any time by sending an e-mail to info@unito.shop. The Data Controller will delete the data
without undue delay from the date of receipt of the request, in which case they will not be
recoverable. The deletion does not apply to data processing required by law (e.g. accounting
regulations), which will be retained by the Data Controller for the necessary period.
The Customer may also request that his/her data be blocked. The Data Controller shall block
the personal data if the Customer so requests or if, on the basis of the information available to
it, it can be assumed that deletion would harm the Customer's legitimate interests. The
personal data blocked in this way may be processed only for as long as the purpose of the
processing, which precluded the deletion of the personal data, persists.
The rectification, blocking and erasure must be notified to the Customer and to all those to
whom the data was previously transmitted for processing. The notification may be omitted if
this does not harm the legitimate interests of the Customer with regard to the purpose of the
processing.
10.3 Objection to data processing
The customer may object to the processing of their personal data. The Data Controller shall
examine the objection within the shortest possible period of time from the submission of the
request, shall decide on the merits of the objection and shall inform the applicant in writing of its
decision.
10.4. Right to be forgotten
If the controller has disclosed the personal data and is required to delete it, it will take
reasonable steps, including technical measures, taking into account the available technology
and the cost of implementation, to inform the controllers that process the data that you have
requested the deletion of the links to or copies of the personal data in question.
10.5. The right to data portability
You have the right to receive personal data relating to you that you have provided to a controller
in a structured, commonly used, machine-readable format and the right to transmit such data to
another controller without hindrance from the controller to whom you have provided the
personal data.
10.6. Objection in case of direct acquisition
Where personal data is processed for direct marketing purposes, you have the right to object at
any time to the processing of personal data concerning you for such purposes, including
profiling, where it is related to direct marketing. If you object to the processing of your personal
data for direct marketing purposes, your personal data may no longer be processed for those
purposes.
10.7. Right to restriction of processing
You have the right to have the controller restrict processing at your request if one of the
following conditions is met:
- You contest the accuracy of the personal data, in which case the restriction applies for the
period of time that allows the controller to verify the accuracy of the personal data;
- the processing is unlawful and you object to the deletion of the data and instead request the
restriction of their use;
- the controller no longer needs the personal data for the purposes of processing, but you
require them for the establishment, exercise or defence of legal claims;
- you have objected to the processing; in this case, the restriction applies for the period until it is
established whether the controller's legitimate grounds prevail over your legitimate grounds.
For any exercise of rights, questions or comments regarding data management, please
contact:
By post: 3527 Miskolc, Besenyői út 8.
By email: growth@unito.shop
Procedural deadlines
You will be informed of the action taken on these requests as soon as possible after receipt of
the request, but no later than 1 month.
If necessary, the 1-month deadline may be extended by 2 months, but we will notify you within
1 month of receiving your request (stating the reason and legal basis).
If we do not take action on your request, we will inform you of the reasons for non-action as
soon as possible after receiving your request, but no later than one month after receiving it, and
of the possibility to lodge a complaint with a supervisory authority and exercise your right to
judicial remedy.
Complaints handling
The fact of collection, the scope of the data processed and the purpose of the processing:
Personal data
Purpose of data processing
Surname and first name
Identification, contact.
E-mail address
Staying in touch.
Phone number
Staying in touch.
Billing name and address
Identifying, handling quality complaints, questions and problems with the products ordered.
Data subjects: all data subjects who shop on the website of the webshop and all data subjects
who complain about quality.
Duration of data processing, deadline for data erasure.
The personal data may be processed by the staff of the Controller, in compliance with the
principles set out above.
The data subject may request the controller to access, rectify, erase or restrict the processing
of personal data relating to him or her and object to the processing of such personal data, and
the data subject shall have the right to data portability and to withdraw consent at any time.
13. Informing the data subject of the personal data breach
Data breach: a breach of security that results in the accidental or unlawful destruction, loss,
alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or
otherwise processed.
Where the personal data breach is likely to result in a high risk to the rights and freedoms of
natural persons, the controller shall inform the data subject of the personal data breach without
undue delay.
The information provided to the data subject shall clearly and prominently describe the nature
of the personal data breach and provide the name and contact details of the data protection
officer or other contact person who can provide further information; describe the likely
consequences of the personal data breach; describe the measures taken or envisaged by the
controller to remedy the personal data breach, including, where appropriate, measures to
mitigate any adverse consequences of the personal data breach.
The data subject need not be informed if any of the following conditions are met:
the data controller has implemented appropriate technical and organisational protection
measures and these measures have been applied to the data affected by the personal
data breach, in particular measures, such as the use of encryption, which render the
data unintelligible to persons not authorised to access the personal data;the controller has taken additional measures following the personal data breach to
ensure that the high risk to the rights and freedoms of the data subject is no longer likely
to materialise;information would require a disproportionate effort. In such cases, the data subjects
should be informed by means of publicly disclosed information or a similar measure
should be taken to ensure that the data subjects are informed in an equally effective
manner.If the controller has not yet notified the data subject of the personal data breach, the
supervisory authority may, after having considered whether the personal data breach is
likely to present a high risk, order the data subject to be informed.
Reporting a data protection incident to the authority
The data protection incident shall be notified by the controller to the supervisory authority
competent under Article 55 without undue delay and, where possible, no later than 72 hours
after the data protection incident has come to its attention, unless the data protection incident is
unlikely to pose a risk to the rights and freedoms of natural persons. If the notification is not
made within 72 hours, it shall be accompanied by the reasons justifying the delay.
14. Remedies
The Data Controller shall compensate any damage caused to another party by unlawful
processing of the data subject's data or by breach of the requirements of technical data
protection. The controller shall be exempt from liability if the damage was caused by an
unavoidable cause outside the scope of the processing. No compensation shall be payable
where the damage resulted from the intentional or grossly negligent conduct of the injured
party. Complaints about data processing may be lodged with the courts or the
National Authority for Data Protection and Freedom of Information:
Head office: 1055 Budapest, Falk Miksa utca 9-11.
Postal address: 1363 Budapest, Pf 9.
+36 (30) 683-5969
+36 (30) 549-6838
+36 (1) 391 1400
Fax +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu
15. Other provisions
The Service Provider's system may collect data on the activity of the Data Subjects, which
cannot be linked to other data provided by the Data Subject at the time of registration, nor to
data generated by the use of other websites or services.
In all cases where the Service Provider intends to use the data provided for purposes other
than those for which they were originally collected, the Service Provider shall inform the Data
Subject thereof and obtain his or her prior explicit consent or provide him or her with the
opportunity to prohibit such use.
The Service Provider undertakes to ensure the security of the data, to take technical measures
to ensure that the data recorded, stored or processed are protected, and to take all necessary
measures to prevent their destruction, unauthorised use or unauthorised alteration. It also
undertakes to require any third party to whom it may transfer or disclose the data to comply with
its obligations in this respect.
The Service Provider reserves the right to unilaterally modify these Terms and Conditions by
giving prior notice to the Data Subjects through the Website. After the modification has entered
into force, the Data Subject must accept the modifications in the manner provided by the
Service Provider on the Website in order to continue using the Website.
Best regards:
Vitis Vinifera Kft