Peregium Green Kereskedelmi Zrt.
Data Processing Information And Privacy Policy
I. INTRODUCTORY PROVISIONS
Peregium Green Kereskedelmi Zrt. (Registered office: 2143 Kistarcsa, Külső Raktár körút 11., hereinafter: “PG”) undertakes to protect the Personal Data of its customers in accordance with the applicable legislation on data protection. This Privacy Notice and Privacy Policy (hereinafter: “Policy”) defines how we collect, process and ensure the protection of the Personal Data of our customers visiting our website and/or purchasing our products.
General Information
Name of supplier: Peregium Green Kereskedelmi Zrt.
Registered office: 2143 Kistarcsa, Külső Raktár körút 11.
Registered at: Fővárosi Törvényszék Cégbírósága
Company Registry Number: 13-10-042486
Tax number: 27869789-2-13
E-mail address: office@peregiumgreen.hu
Website: www.peregiumgreen.hu
This Policy regulates the Data Management of the following site and is also available at:
II. DEFINITIONS
- personal data: any information relating to an identified or identifiable natural person (“data subject”); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as a name, number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.
- data management/processing: any operation or set of operations performed on Personal Data or data files in an automated or non-automated manner, such as collection, recording, organization, segmentation, storage, transformation or change, query, inspection, use, communication, transmission, distribution or by being made available in any other way, coordination or connection, limitation, erasure or destruction.
- data controller: a natural or legal person, public authority, agency or any other body that determines the purposes and means of processing Personal Data independently or in cooperation with others; if the purposes and means of Data Management are determined by EU or member state law, the Data Controller or the special aspects regarding the designation of the Data Controller may also be determined by either EU or member state law.
- data processor: a natural or legal person, public authority, agency or any other body that processes Personal Data on behalf of the Data Controller.
- recipient: a natural or legal person, public authority, agency or any other body to whom the Personal Data is communicated, regardless of whether it is a Third Party or not. Public authorities that have access to Personal Data in accordance with EU or Member State law are not considered Recipients in the context of an individual investigation; the handling of the data mentioned above by these public authorities must comply with the applicable data protection rules in accordance with the purposes of the Data Management.
- third party: a natural or legal person, public authority, agency or any other body that is not identical to the data subject, the Data Controller, the Data Processor or the persons who have been authorized to handle Personal Data under the direct control of the Data Controller or Data Processor.
- filing system: a file of Personal Data divided in any way – centralized, decentralized or functional, or according to geographical aspects – which is accessible based on specific criteria.
- data breach: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to Personal Data transmitted, stored or handled otherwise.
- representative: the natural or legal person with a place of business or residence in the European Union assigned in writing by the Data Controller or the Data Processor according to Article 27, who represents the Data Controller or Data Processor concerning the obligations of the Data Controller or Data Processor defined by this regulation.
- enterprise: a natural or legal person engaged in economic activity, regardless of its legal form, including joint ventures and associations engaged in regular economic activity.
III. Data protection guidelines applied by PG
1.
PG, as a data manager, undertakes to ensure that all Data Processing related to its activities meets the requirements set in these regulations and in the applicable national legislation and in the legal acts of the European Union.
2.
Information about PG’s Data Management is continuously available in the footer of the website operated by PG.
3.
The PG Service Provider is entitled to unilaterally amend the Data Processing Information and Privacy Policy. In case of changes to the Policy, PG will notify the user by publishing the changes on the website. By using the service after the amendment enters into force, the user accepts the amended Regulations.
4.
PG is committed to protecting the Personal Data of its customers and partners, and considers it of utmost importance to respect its customers’ right to self-determination of information. PG treats Personal Data confidentially and takes all security, technical and organizational measures that guarantee data security. PG’s Data Management practice is part of this Policy.
5.
PG’s Data Management principles are in compliance with the applicable data protection legislation, in particular:
- Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information;
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR);
- Act V of 2013 – on the Civil Code (Civil Code);
- Act CVIII of 2001 – on certain aspects of electronic commerce services and information society services;
- Act XLVIII of 2008 – on the Basic Conditions and Certain Restrictions on Commercial Advertising
6.
PG uses Personal Data on the basis of the legal basis set out in the GDPR and only for the purposes for which these data are collected.
7.
PG undertakes to publish a clear, prominent and unambiguous notice informing its users of the manner, purpose and principles of the collection, recording and processing of any Personal Data of its users. In the case of mandatory disclosure, the legal provision that imposes the processing must also be indicated. The data subject must be informed of the purposes of the processing and of the persons who will process the Personal Data.
8.
In any case, if PG intends to use the provided Personal Data for a purpose other than the purpose of the original data collection, it will inform the user of this and obtain their prior, express consent, or provide them with the opportunity to prohibit the use of data.
IV. The legal basis of Data Management, the purpose and scope of managed data, the duration of Data Management, and the persons entitled to access Personal Data
1.
The Data Management of the Service Provider rests on the following legal bases (GDPR Article 6 (1)):
- the data subject has given their consent to the processing of their Personal Data for one or more specific purposes (voluntary consent);
- the Data Processing is necessary for the performance of a contract in which the data subject is one of the parties, or – it is necessary for taking steps at the request of the data subject prior to the conclusion of the contract (performance of the contract);
- the Data Management is necessary to fulfill the legal obligation of the Data Controller (legal obligation);
- Data Processing is necessary to assert the legitimate interests of the Data Controller or a Third Party (legitimate interest).
2.
In the case of Data Management based on voluntary consent, data subjects may withdraw their consent at any stage of Data Management.
3.
Incapacitated and limited minors may not use services through the Service Provider’s system.
4.
In certain cases, the management, storage, and transmission of a range of the provided data are made mandatory by law, of which we will notify users separately.
5.
We draw the attention of those providing data to PG to the fact that if they do not provide their own Personal Data, they are obliged to obtain the consent of the data subject.
6.
Personal Data may only be processed for specific purposes. In all stages of Data Management, the purpose of Data Management must be met, the collection and management of data must be fair and legal. Only Personal Data that is essential for the realization of the purpose of Data Management and suitable for achieving the purpose can be processed. Personal Data can only be processed to the extent and for the time necessary to achieve the purpose. PG does not use Personal Data for purposes other than those indicated.
V. Electronic newsletter
1.
The purpose of the Data Management is to send email newsletters, advertising offers and other mailings of the Service Provider to the Users, based on the prior and express consent of the Users.
Sending emails containing news, professional content, and events to Users, providing information about current information, products, promotions, new functions, etc.
If the User subscribes to the newsletter, PG can send them a newsletter as often as they decide. The Service Provider does not send unsolicited advertising messages, and the User can unsubscribe from newsletters free of charge, without any limitation or justification.
2.
Legal basis for Data Management: voluntary consent of the data subject, GDPR Article 6 (1) (a)
3.
Scope of stakeholders: All stakeholders who subscribe to the newsletter
4.
Scope of processed data: name, e-mail address
5.
Deadline of data deletion: The Service Provider manages the data provided until the User prohibits the use of the data for this purpose by unsubscribing. They can cancel the newsletter by clicking on the Unsubscribe link in the newsletter. Personal Data will be deleted within 10 working days from the receipt of the request. If the User does not perform any activity, and thus does not use any of the services provided by the Service Provider, the Service Provider will delete the registration after 3 years from the subscription to the newsletter.
6.
Possible consequences of failure to provide data: the User will not receive notifications about programs and services.
7.
Source of Personal Data: the Data Subject
VI. Cookie management (“Cookie”)
1.
A cookie is an alphanumeric information package of variable content sent by the web server, which is recorded on the User’s computer and stored for a predetermined validity period. The use of cookies provides the opportunity to query some of the visitor’s data and to monitor their internet usage. Cookies help track the interests, internet usage habits, and website visit history of the concerned User, in order to ensure that the User’s browsing experience is optimal.
2.
With the help of information sent by cookies, Internet browsers can be recognized more easily, so Users can receive relevant and “personalized” content. Cookies make browsing more convenient, including requests related to online data security and relevant advertising. With the help of cookies, PG can also create anonymous statistics about the habits of site visitors, thus the look and the content of the site can be more specifically customized.
3.
Cookies used by PG website:
- Strictly necessary / Mandatory cookies, i.e. cookies that are absolutely necessary for the use of the website:
In the case of this website, these cookies are necessary for logging in, for the “Remember me” function, and for the proper and secure operation of the system.
These cookies provide assistance in moving around the website and remember the User’s actions on certain pages. Without these cookies, the services would not work. These cookies do not store which pages the User viewed on the Internet or data that could be used for marketing purposes.
Acceptance of these types of cookies is a condition for the proper use of the website, so if the user disables them, we cannot guarantee the proper functioning of the website and adequate security when using the site.
- Performance cookies, analytical cookies:
Google Analytics: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
- Google AdWords
- Facebook Pixel
These cookies collect information about how the User uses our website (e.g. which pages are viewed or if there are any errors). These cookies do not collect information on the basis of which the User could be identified.
By using our website, you accept the use of Performance cookies.
Acceptance of these types of cookies is a condition for the proper use of the website, so if the user disables them, we cannot guarantee the proper functioning of the website and adequate security when using the site.
- Non-essential or functional cookies:
By using our website, the user accepts the use of functional cookies. Acceptance of these types of cookies is a condition for the proper use of the website, so if the user disables them, PG cannot guarantee the proper functioning of the website and adequate security when using the site.
4.
When visiting the website, the User can, by pressing the button on the cookie warning on the login page, give their consent to permanent cookies being stored on the User’s computer and to the Service Provider accessing them.
5.
Purpose of Data Management: the proper and secure operation of the system.
6.
Legal basis for Data Management: voluntary consent of the data subject, Article 6 (1) (a)
Scope of managed data:
- For necessary cookies:
- Remembers the information entered on each page when the user navigates to different pages during browsing;
- Recognizes users when they log into the website;
- Makes sure that the User is connected to the right service after some elements of the website’s operation having been modified.
- Redirects the User to applications of different services or to special servers.
- For performance cookies:
- Web analytics: provides statistics on how the website is used.
- Ad Response Rate: Shows how effective your ads are, including those that point to your website.
- Error management: helps improve the website by detecting errors that arise.
- Testing designs: for testing different display versions of the website.
- For non-essential or convenience cookies:
- Provision of various services, as well as recording the User’s settings in order to facilitate visiting the website.
- Memorizing the User’s settings, such as website layout, text size, preferred settings, colors, etc.;
- Recording the user’s login time.
7.
The duration of Data Management: data are processed for the time necessary to achieve the purpose of Data Management or until consent is withdrawn.
8.
Possible consequences of failure to provide data: incomplete use of website services, inaccuracy of analytical measurements.
9.
Source of Personal Data: data automatically generated by the IT system. Recipients of Personal Data, categories of Recipients: none
VII. Statistical data
The data may be used by the Data Controller for statistical purposes. The use of the data in a statistically aggregated form shall not include the name of the concerned user or other identifiable information of them in any form.
VIII. Technically recorded data during the operation of the system
Technically recorded data are the data of the User’s logged-in computer, which are generated during the use of the service and which are logged by the Data Management system as an automatic result of the technical processes (e.g. IP address, session ID). Due to the operation of the Internet, the data recorded automatically is logged by the system without the User’s special declaration or action but automatically, by using the Internet. The Internet cannot function without these automatic server-client communications. These data cannot be combined with other User Personal Data – except in cases made mandatory by law. Only the Data Controller has access to the data. The log files that are automatically and technically recorded during the operation of the system are stored in the system for a reasonable period of time in terms of ensuring the operation of the system.
IX. Other Data Management
1.
We provide information on Data Management not listed in these regulations on the occurrence of the data being collected.
2.
We inform our clients and partners that the court, the prosecutor, the investigative authority, the infringement authority, the public administrative authority, the Hungarian Authority for Data Protection and Freedom of Information, or other bodies based on the authorization of the law can contact the Service Provider to provide information, communicate data, hand over or provide documents. The Service Provider only discloses Personal Data to the authorities – if the authority has indicated the exact purpose and the scope of the data – to the extent that is absolutely necessary to achieve the purpose of the request.
3.
PG does not validate the Personal Data provided. The person providing the data is solely responsible for the adequacy of the data provided. When entering an email address, any user assumes responsibility for the fact that service used in regards to the specified email address is performed only by the user. Regarding this responsibility, all kinds of responsibility related to logins with a specified e-mail address are the sole responsibility of the user who registered the given email address. If the user does not provide their own Personal Data, they are obliged to obtain the consent of the other person concerned.
4.
Certain employees having an employment or other contract relationship with PG as well as the Data Processor are entitled to access the Personal Data.
X. Rights related to Data Management
1.
The data subject may request information about the processing of their Personal Data, as well as request the correction of their Personal Data, or – with the exception of mandatory Data Processing – deletion, withdrawal, limitation of Data Processing, and may exercise their right to data portability and objection in the manner indicated when the data was collected, or via the Data Controller’s customer service. Peregium Green Kereskedelmi Zrt. is the Data Controller with regard to the Data Management performed in this Policy.
2.
Provided the data subject has any questions or problems while using our Data Controller services, they can contact the Data Controller via the contact details provided on the website.
3.
Right to information (based on Articles 13-14 of the General Data Protection Regulation): The Data Subject may request written information from the Data Controller regarding the handling of Personal Data concerning the Data Subject through the contact details of Peregium Green Kereskedelmi Zrt. provided in point I. 4.
4.
Right to access (based on Article 15 of the General Data Protection Regulation): The data subject has the right to, upon request, receive feedback from the Data Controller regarding the processing of their Personal Data on whether their Personal Data is being processed, and if such Data Processing is in progress, they are entitled to get access to their Personal Data. The Data Controller provides a copy of the Personal Data that is the subject of Data Management – if this does not conflict with other legal obstacles – to the Data Subject. If the Data Subject submitted the request electronically, the information must be provided in a widely used electronic format, unless the Data Subject requests otherwise. For additional copies requested by the data subject, the Data Controller may charge a reasonable fee based on the administrative costs arising.
5.
Right to correction and addition (based on Article 16 of the General Data Protection Regulation): The Data Subject may request the Data Controller to amend any of their Personal Data in writing. Considering the purpose of Data Management, the Data Subject is entitled to request the appropriate addition of incomplete Personal Data managed by the Data Controller. The Data Controller is to fulfill the request within a maximum of one month and to notify the Data Controller about the modification in a letter or e-mail sent to the contact address provided.
6.
Right to deletion (based on Article 17 of the General Data Protection Regulation): The data subject may request the deletion of their Personal Data from the Data Controller in writing. The deletion of Personal Data can basically be requested if Data Processing is based on the Data Subject’s consent, e.g. the Data Subject has given their consent to the processing of their data (phone number, e-mail address) for the purpose of contact. In this case, we will delete the Personal Data.
Data deletion is not possible if Data Management is necessary:
- for the purpose of exercising the right to freedom of expression and information;
- for the purpose of fulfilling obligations according to the law applicable to the Data Controller requiring the processing of Personal Data, as well as for the purpose of performing a task performed for the public good or in the context of the exercise of public authority conferred on the Data Controller;
- affecting the field of public health, or for archival, scientific and historical research purposes or for statistical purposes, based on public interest;
- or to submit, assert or defend legal claims.
However, if there is no such obligation, the Data Controller shall fulfill the request within a maximum of one month and notify the Data Subject of this in a letter or e-mail sent to the contact address provided for this purpose.
7.
The right to limit (block) Data Processing (based on Article 18 of the General Data Protection Regulation): The Data Subject may request in writing their Personal Data to be blocked by the Data Controller (by clearly indicating the limited nature of Data Processing and ensuring that it is handled separately from other data). The blocking lasts as long as the reason indicated by the Data Subject makes it necessary to store the data. Data Processing may be restricted if one of the following conditions is met:
- the data subject disputes the accuracy of the Personal Data, in which case the restriction applies to the period that allows the accuracy of the Personal Data to be checked;
- the Data Management is illegal and the data subject opposes the deletion of the data and requests the restriction of their use instead;
- the Data Controller no longer needs the Personal Data for the purpose of Data Management, however, the data subject requires them to present, enforce or defend legal claims;
- the data subject objected to the Data Processing, in which case the restriction applies to the period until it is determined whether the legitimate reasons of the Data Controller take precedence over the legitimate reasons of the data subject.
If Data Management is subject to restrictions, Personal Data may only be processed with the consent of the data subject, with the exception of storage, or for the submission, enforcement or defense of legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the Union or a member state. The Data Controller informs the data subject of the lifting of restrictions on Data Management in advance.
8.
Right to data portability (based on Article 20 of the General Data Protection Regulation): The Data Subject may request in writing to receive the Personal Data relating to them provided to the Data Controller in a segmented, widely used, machine-readable format, and is also entitled to have this data forwarded to another Data Controller without the Data Controller preventing this, if:
- the Data Processing is based on the consent of Article 6 (1) (a) or
- Article 9 (2) (a) of the General Data Protection Regulation, or
- It is based on a contract according to paragraph Article 6 (1) (b);
- and Data Management is automated.
9.
Right to object (based on Article 21 of the General Data Protection Regulation): According to section 10.2 the Data Subject is entitled to object in writing to the processing of their Personal Data in accordance with Article 6 (1) (f) of the General Data Protection Regulation, considering it necessary to assert the legitimate interests of the Data Controller or a Third Party, including profiling based on the aforementioned legislations through the contact details provided in point 1.
In the event of a protest, the Data Controller may no longer process the Personal Data, unless the Data Processing is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or that are related to the submission, enforcement or defense of legal claims. If Personal Data is processed for direct business acquisition, the data subject has the right to object at any time to the processing of Personal Data managed for such purposes, including profiling, if it is related to direct business acquisition. If the Data Subject objects to the processing of Personal Data for the purpose of direct business acquisition, then the Personal Data may no longer be processed for this purpose.
10.
Right of withdrawal: The data subject has the right to withdraw their consent to Data Management at any time. Withdrawal of consent does not affect the legality of Data Processing based on consent prior to withdrawal.
11.
Procedural rules: The Data Controller informs the data subject without undue delay, but in any case within one month of the receipt of the request, of the measures taken following the request according to the relevant article of the GDPR. If necessary, this deadline can be extended by another two months, taking the complexity of the application and the number of applications into account. The Data Controller shall inform the data subject of any possible extension of the deadline, indicating the reasons for the delay, within one month of receiving the request. If the data subject submitted the request electronically, the information will be provided electronically, unless the data subject requests otherwise.
If the Data Controller does not take measures following the data subject’s request, it shall inform the data subject of the reasons for the failure to take action, and of the fact that the data subject may file a complaint with a supervisory authority and exercise their right to judicial redress without delay, but within one month of the receipt of the request at the latest. The Data Controller provides the requested information and notices free of charge.
However, if the data subject’s request is clearly unfounded or – especially due to its repeated nature – excessive, the Data Controller may charge a reasonable fee, taking into account the administrative costs associated with providing the requested information or taking the requested measure, or refuse to take action based on the request.
The data manager informs all Recipients of all corrections, deletions or Data Management restrictions carried out, to whom or to which the Personal Data was disclosed, unless this proves to be impossible to fulfill or requires a disproportionately large effort. At the request of the data subject, the Data Controller informs about these Recipients.
The Data Controller provides a copy of the Personal Data that is the subject of Data Management to the data subject. For additional copies requested by the data subject, the Data Controller may charge a reasonable fee based on administrative costs. If the data subject submitted the request electronically, the information will be provided in electronic format, unless the data subject requests otherwise.
XI. Damages and compensation
Any person who has suffered material or non-material damage as a result of a violation of the data protection regulation may be entitled to compensation from the Data Controller or Data Processor for the damage suffered. The Data Processor is only liable for damages caused by Data Processing if it has not complied with the obligations specified in related regulations, specifically imposed on Data Processors, or if it has ignored or acted contrary to the legal instructions of the Data Controller. If several data managers or Data Processors or both data managers and Data Processors are involved in the same Data Management and are liable for damages caused by Data Management, each data manager or Data Processor is jointly and severally liable for the entire damage. The Data Controller or the Data Processor is exempted from liability if it proves that it is not responsible in any way for the event that caused the damage.
XII. Complaints and legal remedies
1.
If the person concerned has any questions or problems while using our Data Controller services, they can contact the Data Controller via the contact details provided on the website.
2.
Right to go to court: The Data Subject may go to court against the Data Controller or the Data Processor if, according to their judgment, the Data Controller, or the Data Processor entrusted by it or acting on the basis of its instructions, processes their Personal Data in violation of the regulations on the processing of Personal Data specified in law or in a mandatory legal act of the European Union. Adjudication of the lawsuit falls within the jurisdiction of the court. The lawsuit can also be initiated – at the Data Subject’s choice – before the competent court of the Data Subject’s place of residence or residence.
3.
Data protection official procedure: Complaints can be made to the National Data Protection and Freedom of Information Authority:
Name: Hungarian Authority for Data Protection and Freedom of Information
Registered office: 1055 Budapest, Falk Miksa utca 9-11.
Mailing address: 1363 Budapest, Pf.: 9.
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu
Kistarcsa, 14th November 2023
Peregium Green Kereskedelmi Zrt.