PRIVACY AND COOKIES POLICY

Please note that in the event of any problems of interpretation, the Hungarian DATA PROCESSING NOTICE is authoritative: http://www.pick.hu/hu/adatvedelem

 

DATA PROCESSING NOTICE

 

1. PREAMBLE

 

This Data Processing Notice (hereinafter: Notice) applies to the Processing of Personal Data gathered through the website of PICK Szeged Zrt. (hereinafter: Data Controller). The Data Controller shall protect all Personal Data, comply with all binding legal regulations and process data in a secure and fair manner.

 

Data Controller Details:

 

Company Name:                                     PICK Szeged Zrt.

Mailing Address:                                     H-6725 Szeged, Szabadkai út 18.

E-mail:                                                     PICKSzeged,Marketing@pickszeged.bonafarm.hu

Website:                                                   www.pick.hu

 

 

This Notice was based on the following laws currently in effect in Hungary:

  1. Act CXII of 2011 on Informational Self-determination and Freedom of Information (hereinafter: Infotv.);
  2. Act CVIII of 2001 on Certain issues of electronic commercial services and information society services (hereinafter: Ektv.);
  3. Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (hereinafter: Grt.);
  4. Act C of 2003 on Electronic Communications (hereinafter: Ehtv.);
  5. Act CXIX of 1995 on the Use of Name and Address Information Serving the Purpose of Research and Direct Marketing;
  6. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: GDPR).

This Notice regulates the data processing of this website: www.pick.hu

This Notice is available on the following web page: http://www.pick.hu/en/privacy-policy  

 

The Data Controller shall comply with the terms set forth in this Notice, and asks everyone (in particular website visitors, newsletter subscribers, those who have accepted the cookie policy, and those who have sent messages through the contact interface) to accept and comply with the terms of this Notice. The Data Controller reserves the right to change this Notice, in which case the amendments to this Notice shall come into effect at the time of their publication on http://www.pick.hu/en/privacy-policy.

 

2. DEFINITIONS

 

The concepts used within this Notice are defined as follows:

 

Data Subject: any natural entity directly or indirectly identifiable or identified by their Personal Data;

Personal Data: any data related to a Data Subject, in particular their name, ID, or any physical, physiological, mental, economic, cultural or social identifier or any deductible information based on such data relating to the Data Subject;

Consent: the freely and explicitly given statement of any appropriately informed Data Subject, wherein they clearly express their consent to the full or partial Processing of their Personal Data;

Objection: the statement of the Data Subject, wherein he/she objects to the Processing of their Personal Data, and demands the termination of all such Processing and the deletion of the processed data;

Data Controller: any natural or legal entity, or entity without legal personality, who or what, individually or with others, sets the purpose of the Data Processing, makes all decisions in relation therewith (including the device to be used), and executes the Processing themselves or through a Data Processor;

Data Processing: any operation or set of operations performed on the data, irrespective of the used method, in particular the gathering, recording, organisation, storage, modification, use, recall, transfer, disclosure, alignment or connection, blocking, erasure and destruction of data, the limiting of further use of the data, taking photos or recording videos of the data, and recording any physical attributes suitable for identifying any entity;

Data Transfer: making the data available to a specific third party;

Disclosure: making the data available to the general public;

Erasure: irreversibly deleting data or making it unrecognisable;

Tagging: marking the data with an identifier for the purpose of differentiation;

Blocking: marking the data with an identifier for the purpose of temporarily or permanently limiting further processing;

Destruction: the complete physical destruction of the data storage or carrier containing the data;

Processing of data: the performance of technical tasks related to processing activities, irrespective of methods and tools used and the location of the performance, provided that the technical task is performed on data;

Data Processor: any natural or legal entity, or entity without legal personality, who or what performs Data Processing in accordance with an agreement, including an agreement entered into based on applicable law;

Data Set: all the data processed in one filing system;

Third Party: any natural or legal entity, or entity without legal personality, other than the Data Subject, the Data Controller and the Data Processor;

Personal Data Breach: means an unlawful processing of Personal Data, in particular unauthorised access to, change, transfer, disclosure, erasure and destruction of, or the accidental or unlawful destruction or impairment of Personal Data.

 

3. VISITING THE WEBSITE

 

Visiting occurs when an entity clicks on the relevant website of the following company:

Company name: Pick Szeged Zrt.

Website: www.pick.hu/en

 

3.1.  Purpose of Data Processing

 

The Data Controller gathers visitor data for the purpose of verifying and assessing the effectiveness of services provided, to provide custom services and to stop any potential abuse thereof. The Data Controller shall not use the data gathered during log checks to attempt to identify any visitors or to connect such data to other information.

 

3.2.  Legal Basis for Data Processing:

 

The Consent given by the Data Subject in accordance with Article 13/A(4) of the Ektv. and Article 6(1)(a) of the GDPR.

 

3.3.  Range of Data Subjects:

 

Any visitor who visits www.pick.hu/en, operated by the Data Controller.

 

3.4.  Range of Processed Personal Data

 

Date and time of the visit, address of the visited site, user IP address, type and language of the operating system, visited pages and time spent on pages, depending on user settings.

 

3.5.  Duration of Data Processing

 

Google Adwords cookie: Maximum 2 years. Visitors can change their settings to enable or disable cookies. For further information, please visit the Help page of your browser.

 

Google Analytics cookie: Maximum 2 years. Visitors can change their settings to allow or block cookies. For further information, please visit the Help page of your browser.

 

3.6.  Entities authorised to access Personal Data

 

Competent staff of Data Controller and Data Processor

 

3.7.  The Data Controller is the company named in Section 1 of this Data Processing Notice.

 

3.8.  The Data Processor

 

1) Café Communications Kft.

Mailing Address: H-1037 Budapest, Seregély utca 3-5.

E-mail: info@cafecommunications.hu

Website: http://www.cafecommunications.hu/ 

shall perform the following activities: website operation, maintenance

Data processing and data management activities: Analyze visitor data (anonymous), for later development of the site. Full access to the database.

 

2) Lampyon Hungary Kft.

Mailing Address: H-1119 Budapest, Petzvál József utca 56.

E-mail: info@lampyon.com

Website: http://lampyon.com/en/

shall perform the following activities: website development

Data processing and data management activities: Does not perform data management activities. Full access to the database for any technical troubleshooting.

 

3) Bonafarm Zrt.

Mailing Address: H-1023 Budapest, Alkotás u. 53

shall perform the following activities: server hosting

Data processing and data management technologies: with information system

contact: Decsi László – BF IT

 

4) Invitel Távközlési Zrt.

Mailing Address: H-2040 Budaörs, Puskás Tivadar u. 8-10.

shall perform the following activities: server hosting, storage

Data processing and data management technologies: with information system

Contact details, error reporting: help@invitel.co.hu

 

For further information about the Invitec service details, please click here: https://invicloud.hu/Home/About

 

Processing by third party providers (especially Google):

 

The html code of the portal may contain links redirecting to or from external servers, independent of the server provided by the Invitel Távközlési Zrt. with Invicloud on behalf of the Data Controller. The servers of external providers may connect directly to the visitor's computer. Please note that the providers of such links may gather visitor data through the direct connection to their servers and the direct communication with the visitor's browser. All content personalised for the visitor is provided by the servers of external providers. The connection between the server provided by the Invitel Távközlési Zrt. with Invicloud on behalf of the Data Controller and the servers of external providers may only include the insertion of codes from the latter, thus no transfer or transmission of Personal Data takes place. The cookies used by external providers are the Google Adwords cookie and the Google Analytics cookie in particular.

 

4. PROCESSING OF COOKIES

4.1.  Purpose of Data Processing

 

The Data Controller uses cookies during the visit of the following website: www.pick.hu/en.  Cookies are data packages containing letters and numerals sent by the Data Controller's website to the visitor's computer to save specific settings, to make the Data Controller's website easier to use and to help the Data Controller gather some relevant statistical data from the visitors of the website. Cookies contain no Personal Data, and cannot be used to identify individual visitors. Data Processing related to cookies is done to identify and differentiate visitors and their current browsing session, to store details entered during the session, to prevent data loss, and to recognize the specifications of the browser used.

 

Cookies often contain a unique identifier (an encrypted, randomly generated sequence) stored on the device of the visitor. Some cookies expire after the browser is closed, while some remain stored on the visitor's computer for longer periods of time. The visitor may delete any cookie from their own computer at any given time, or may block the use of cookies within their browser. Cookie settings are usually found within the Privacy tab of the Settings/Preferences menu, under "cookies".

 

Google Adwords cookie: the cookie identifier of the visitor is added to the re-marketing list upon visiting the Data Controller's website for the first time. Google uses cookies (e.g. NID and SID cookies) in Google products, including Google Search, to personalise advertisements. They use such cookies to save the last searches of the visitor, their previous interactions with the ads of specific advertisers, and their visits to the websites of these advertisers. The conversion tracking function of Adwords uses cookies. It saves cookies on the visitor's computer to track ad sale boosts and other conversions, when the visitor clicks on an ad. A few common uses of cookies: selection of ads based on their relevancy to the current visitor, perfecting reports on campaign performance, avoiding the display of ads already seen by the current visitor.

 

Google Analytics cookie: Google Analytics is an analytical tool of Google, which allows the owners of websites and applications to gain a deeper understanding of their visitors' activities. The service may use cookies to gather information and compile reports on statistical data regarding website use, without individually identifying visitors for Google. Main cookies used by Google Analytics are "__ga" cookies. Besides the reports on statistical data regarding website use, Google Analytics (and some of their ad cookies described above) may be used to display more relevant ads in Google products (e.g. Google Search) and all over the Internet.

 

If a visitor of the website does not accept the use of cookies, some functions may not be available to them. More information on the deletion of cookies can be found here:

  1. Internet Explorer: https://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
  2. Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
  3. Chrome: https://support.google.com/chrome/answer/95647?hl=en

XSRF-TOKEN: used to prevent CSRF (Cross-Site Request Forgery) attacks;

laravel_session: used to differentiate between users (necessary for entry and the admin interface);

Google reCAPTCHA cookie: a Google service that serves to filter out robots or to distinguish them from people.

 

4.2.  Legal Basis for Data Processing:

 

The Consent given by the Data Subject in accordance with Article 5(1)(a) of the Infotv., Article 155(4) of the Ehtv., Article 13/A(4) of the Ektv., and Article 6(1)(a) of the GDPR.

 

4.3.  Range of Data Subjects:

 

Data Subjects include visitors of the Data Controller's website who have consented by clicking the "I accept" button when the cookie policy appeared on their screen.

 

4.4.  Range of Processed Personal Data

 

Google Adwords cookie: Session ID

Google Analytics cookie: Unique ID assigned to a registered user, which anonymously differentiates users and their browsing habits. Personal data is not included in the cookies. Details: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

XSRF-TOKEN: Session ID

laravel_session: Session ID

Google reCAPTCHA cookie: Session ID

 

4.5.  Duration of Processing

 

Google Adwords cookie: Maximum 2 years. Visitors can change their settings to enable or disable cookies. For further information, please visit the Help page of your browser.

Google Analytics cookie: Maximum 2 years. Visitors can change their settings to enable or disable cookies. For further information, please visit the Help page of your browser.

XSRF-TOKEN: The cookie will be deleted at the end of the session. Visitors can change their settings to enable or disable cookies. For further information, please visit the Help page of your browser.

laravel_session: The cookie will be deleted at the end of the session. Visitors can change their settings to enable or disable cookies. For further information, please visit the Help page of your browser.

Google reCAPTCHA cookie: 2 years. Visitors can change their settings to enable or disable cookies. For further information, please visit the Help page of your browser.

 

4.6.  Entities authorised to access Personal Data

 

Competent staff of Data Controller and Data Processor

 

4.7.  The Data Controller is the company named in Section 1 of this Data Processing Notice.

 

4.8.  The Data Processor

 

1) Café Communications Kft.

Mailing Address: H-1037 Budapest, Seregély utca 3-5.

E-mail: info@cafecommunications.hu

Website: http://www.cafecommunications.hu/ 

shall perform the following activities: website operation, maintenance

Data processing and data management activities: Analyze visitor data (anonymous), for later development of the site. Full access to the database.

 

2) Lampyon Hungary Kft.

Mailing Address: H-1119 Budapest, Petzvál József utca 56.

E-mail: info@lampyon.com

Website: http://lampyon.com/en/

shall perform the following activities: website development

Data processing and data management activities: Does not perform data management activities. Full access to the database for any technical troubleshooting.

 

3) Bonafarm Zrt.

Mailing Address: H-1023 Budapest, Alkotás u. 53

shall perform the following activities: server hosting

Data processing and data management technologies: with information system

contact: Decsi László – BF IT

 

4) Invitel Távközlési Zrt.

Mailing Address: H-2040 Budaörs, Puskás Tivadar u. 8-10.

shall perform the following activities: server hosting, storage

Data processing and data management technologies: with information system

Contact details, error reporting: help@invitel.co.hu

 

For further information about the Invitec service details, please click here: https://invicloud.hu/Home/About

 

5. QUESTIONS & SUGGESTIONS

 

Visitors of the Data Controller's website may send their questions and suggestions to the Data Controller electronically by filling out a form found on the following web page:

http://www.pick.hu/en/contactus.

 

5.1.  Purpose of Data Processing

 

The purpose of Processing is to (electronically) inform the visitors, answer visitor questions, receive visitor suggestions, to achieve more effective communication, to make administration easier, to maximise the fulfilment of visitor needs, and to amplify visitor satisfaction. For these purposes we intend to develop our products and quality control systems based on visitor/customer feedback and by taking into account visitor/customer needs.

 

5.2.  Legal Basis for Data Processing:

 

The Consent given by the Data Subject in accordance with Article 5(1)(a) of the Infotv. and Article 6(1)(a) of the GDPR.

 

The visitor may send their message to the Data Controller and consent to Processing activities after filling out the form by accepting the Data Processing Notice (by marking the appropriate box) and pressing "send message". A pop-up window confirms that the message was sent successfully.

 

5.3.  Range of Data Subjects:

 

Data Subjects include visitors who fill out the form and send electronic messages to the Data Controller.

 

5.4.  Range of Processed Personal Data

 

Visitors may fill out the form by giving their following Personal Data, which shall be used for the following activities. The authenticity of the given Personal Data is the sole responsibility of the visitor filling out the form and sending the electronic message.

 

Name: contacting and answering the questions of users

 

E-mail address: contacting and answering the questions of users

 

Phone number: contacting and answering the questions of users

 

5.5.  Duration of Processing

 

Data Processing may continue until Consent is revoked. The Data Controller shall maintain a filing system of persons who have given their Consent by filling out the form and sending messages to the Data Controller. If a Data Subject revokes their Consent, the Data Controller shall erase the Data Subject's Personal Data from their filing system and any existing database.

 

5.6.  Entities authorised to access Personal Data

 

Competent staff of Data Controller and Data Processor

 

5.7.  The Data Controller is the company named in Section 1 of this Data Processing Notice.

 

5.8.  The Data Processor

 

1) Café Communications Kft.

Mailing Address: H-1037 Budapest, Seregély utca 3-5.

E-mail: info@cafecommunications.hu

Website: http://www.cafecommunications.hu/ 

shall perform the following activities: website operation, maintenance

Data processing and data management activities: Analyze visitor data (anonymous), for later development of the site. Full access to the database.

 

2) Lampyon Hungary Kft.

Mailing Address: H-1119 Budapest, Petzvál József utca 56.

E-mail: info@lampyon.com

Website: http://lampyon.com/en/

shall perform the following activities: website development

Data processing and data management activities: Does not perform data management activities. Full access to the database for any technical troubleshooting.

 

3) Bonafarm Zrt.

Mailing Address: H-1023 Budapest, Alkotás u. 53

shall perform the following activities: server hosting

Data processing and data management technologies: with information system

contact: Decsi László – BF IT

 

4) Invitel Távközlési Zrt.

Mailing Address: H-2040 Budaörs, Puskás Tivadar u. 8-10.

shall perform the following activities: server hosting, storage

Data processing and data management technologies: with information system

Contact details, error reporting: help@invitel.co.hu

 

For further information about the Invitec service details, please click here: https://invicloud.hu/Home/About

 

6. DATA PROCESSING SAFETY

 

The Data Controller shall store data in the following format: electronic system.

 

The Data Controller and the Data Processor, within the scope of their activities, shall ensure the safety of the data during Processing, and shall take all technical and organisational measures and establish procedural policies necessary for compliance with the Infotv. and other data protection and privacy policies.

 

The Data Controller and Data Processor shall protect the data, especially from unauthorised access, transfer, disclosure, erasure and destruction, and accidental destruction, damage and from becoming inaccessible due to changes in the technology used by the Data Controller or Data Processor.

 

To protect the Data Sets processed electronically within the filing systems of the Data Controller, the Data Controller shall use the appropriate technical solutions to warrant that the stored data may not be connected or assigned to a Data Subject.

 

The computer system and network of the Data Controller shall be equally protected from computer-aided fraud, espionage, sabotage, vandalism, and fire, flood, computer viruses and physical break-ins. The operator shall employ security measures on the server- and application-levels.

 

7. DATA SUBJECT RIGHTS

 

7.1.    According to the Infotv.:

 

a)  Information

 

Upon the request of the Data Subject, the Data Controller shall provide information on the processed data of the Data Subject and the sources thereof, the purpose, legal basis and duration of the Processing, the activities related to the Processing, the circumstances and effects of and countermeasures taken against any Data Breach, and in case of Personal Data Transfers, on the legal basis and recipient of the data transfer.

The Data Controller shall provide the requested information in a clear & written format, at most within 25 days of receiving the request. The Data Subject may request information from the Data Controller once per year per data set for no additional fee. The Data Controller may determine a payable fee in other cases.

 

b)  Correction, Blocking, Erasure

 

The Data Controller shall correct any false Personal Data if they have access to the factually true version of said Personal Data.

 

The Data Controller shall block any Personal Data on request of the Data Subject, or if the Data Controller has reason to believe that the erasure of said data might violate the rights of the Data Subject. Blocked Personal Data may only be Processed until erasure of said Personal Data becomes possible i.e. the purpose of Processing that made erasure impossible no longer exists.

 

The Data Controller shall erase the Personal Data if:

  1. Processing is unlawful;
  2. the Data Subject exercises their right to be forgotten;
  3. the Processed data is incomplete or incorrect (and there are no exercisable legal remedies and no law forbids the erasure of the data);
  4. the purpose of Processing no longer exists, or the lawfully determined duration of storage has expired;
  5. ordered to do so by any court ruling or the Hungarian National Authority for Data Protection and Freedom of Information.

If the Data Controller fails to fulfil the Data Subject's request for correction, blocking or erasure, they shall provide, in writing or through electronic means with the Data Subject's approval and within 25 days of receiving the request, factual legal reasons for failing to correct, block or erase the data. In case the Data Controller refuses to correct, block or erase the requested data, they shall inform the Data Subject of all legal remedies and competent Authorities the Data Subject may turn to.

 

c)  Objection

 

The Data Subject may object to the Processing of their Personal Data if:

a)  the Processing or Transfer of Personal Data was necessary to fulfil a legal obligation of the Data Controller, or to pursue the legitimate interest of the Data Controller, the recipient of the transferred data or a third party, except where such Processing is required by law;

b)  the Use or Transfer of the Personal Data was done for marketing, opinion polling or scientific research purposes; and

c)  other legal requirements are met.

 

The Data Controller shall promptly, but at most within 15 days of receiving the request, review the request, reach a decision regarding its validity, and inform the requesting entity of their decision.

 

7.2.    According to the GDPR:

 

a)  Withdrawal of Consent

 

In addition to the above, the GDPR empowers the Data Subjects to withdraw their Consent to Data Processing. Withdrawal of Consent by a Data Subject is only valid with the clear and explicit indication of the Processing activity.

 

b)  Restriction of Processing

 

Data Subjects have the right to ask the Data Controller to restrict Data Processing activities if any of the following conditions are met:

  1. the Data Subject questions the accuracy of the Personal Data; in such cases the restriction applies to the time limit the Data Controller has to verify the accuracy of the Personal Data;
  2. the Processing is unlawful, but the Data Subject objects to the erasure of data, and instead asks for a restriction of Processing;
  3. the Data Controller no longer needs the Personal Data for the purpose of Processing, but the Data Subject requires them for submitting, exercising or defending legal claims; or
  4. the Data Subject objected to Processing, in which case the restriction applies to the time limit available for determining the priority of the Data Controller's and the Data Subject's legitimate reasons.

If Processing falls under restriction for any of the reasons listed above, then the restricted Personal Data may only be Processed, except for storage, with the explicit Consent of the Data Subject, or for the following purposes: submitting, exercising or defending legal claims, defending the rights of another natural or legal entity, the general public interest of the European Union or a Member State thereof.

 

The Data Controller shall inform in advance any Data Subject who requested restricted Processing of their data in case the restriction is lifted.

 

c)  Transfer

 

Data Subjects have the right to receive a copy of the Personal Data they submitted to the Data Controller, in detail and in a commonly used machine-readable format; furthermore, they may transfer these data to another data controller without obstruction from the Data Controller if:

  1. Processing is based on Consent or an agreement; and
  2. Processing is automated.

When a Data Subject exercises their right to data portability in accordance with the above, they may request the direct transfer of their Personal Data between data controllers if feasible.

 

7.3.  Enforcement of rights

 

Data Subjects may exercise their Data Processing rights via a personally signed postal letter sent to the Data Controller's place of business or via an e-mail sent to the e-mail address of the Data Controller from a verified e-mail address belonging to the Data Subject. Enforcement of a specific right by a Data Subject is only valid with the clear and explicit indication of the Processing activity.

 

If the Data Subject disagrees with any decision of the Data Controller, they may refer their case to a court of justice within 30 days of the disclosure of the decision. Legal remedies and complaints may be submitted to the Hungarian National Authority for Data Protection and Freedom of Information:

 

Name:                      Nemzeti Adatvédelmi és Információszabadság Hatóság
                                  (Hungarian National Authority for Data Protection and Freedom of Information)

E-mail:                     ugyfelszolgalat@naih.hu

Mailing Address:     H-1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Phone:                     +36 (1) 391-1400

Website:                   www.naih.hu

 

Szeged, 2018.05.24.