Website Datasheet Documentation
Webshop B2B contact persons for customers
This information note is related to the data processing of the personal (company) account that can be created on our webshop.
ARMIN TRADE Kft. (Székhely: 4024 Debrecen, Kossuth utca 22. 2. em. 4., képviselő: Szivós István Dániel ügyvezető)
Telefonszám: +36 52 794 696
email cím: firstname.lastname@example.org
- Purpose of personal data processing
The purpose of creating a personal account is to place orders on the webshop, fulfill orders, keep contact. Enhance the user experience. Facilitate the placement of the next order.
- Scope of processed data
Name, name of company represented (company data are not subject to GDPR), its e-mail address, phone number, other data related to fulfilling the contract, products used and the related services (e.g. invoicing, favourite products)
- Legal basis of data processing
For persons registering as representatives of a company, the legal basis is Article 6 (1) f) of the GDPR (validation of the legitimate interests of the controller and the legal person or other organisation that places the order).
Legitimate interest of the controller: Legitimate interests are keeping business-purpose contact, fulfilling a contract, following up the generated income and obligations undertaken
Result of the interest assessment test:
The legitimate interest of the controller proportionally restricts the legitimate interest of the data subjects. Processing the personal data of the data subject is indispensable to fulfill the product orders, there are no available alternative data processing solutions that handle less personal data or follow other methods.
- Period of storage of personal data
Until the deletion of the personal account or the execution of the right to object of Article 21 (2)-(3) of the GDPR (whichever is earlier).
In relation to a civil action, fulfilling an obligation, 5 years from the termination of the contractual relationship with the Partner (Section 6.22 (1) of the Hungarian Civil Code) having regard to the fact that civil law claims lapse in 5 years).
- Engaging another processor
Tárhely.Eu Szolgáltató Kft.
Székhely: 1144 Budapest, Ormánság utca 4. X. em. 241.
Cg. szám: 01-09-909968
- Circle of persons entitled to know the data
Co-workers of the controller who processes purchase orders.
- Rights of data subjects
GDPR includes your data protection rights and legal remedies in detail. You can anytime request information on your data, you can anytime request the rectification, erasure or restriction of processing your data, you can object against data processing (contact data) based on legitimate interest. Below the most important provisions are summarised.
Right to information: If the controller processes personal data concerning you, the controller shall provide you with information, even if you do not request this, such as the most important characteristics of data processing, the purposes, legal basis, period of data processing, the person and contact details of the controller and its representative (in the case of transfer to third countries with reference to the appropriate or suitable safeguards), in the case of data processing based on legitimate interest about the legitimate interest of the controller and/or the third party, and your rights and legal remedies related to data processing (including the right to submit a complaint with the supervisory authority), if you do not yet possess that information.
The controller provides you with the information by making the present information note available to you.
Right to access: You shall have the right to receive a feedback from the controller concerning whether your personal data are being processed or not and if they are being processed, you shall have the right to obtain access to the personal data and specific pieces of information in connection with the data processing including the purpose of data processing, the categories of personal data of the data subject, the recipients of personal data, the (planned) period of data processing, the rights and legal remedies of the data subject and in the case of data gathered from the data subject the pieces of information referring to the source thereof. On your request, the controller provides you with a copy of the personal data undergoing processing. The controller may charge you with a reasonable fee for further copies requested by you that are based on administrative costs. The right to obtain a copy may not adversely affect the rights and freedoms of others. You shall be informed about the possibility of obtaining a copy, its form, its possible costs and other details by the controller on your request.
Right to rectification: You shall have the right to make the data processor rectify the inaccurate personal data concerning you without undue delay. Taking into account the purpose of the data processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure: You shall have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay if specific conditions apply. Among others, if the controller shall erase your personal data on your request if the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed; you withdraw consent to which the processing is based and there are no overriding legitimate grounds for the processing; or your personal data have been unlawfully processed; you object against the processing and there are no legitimate reasons for the processing; the deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject; the personal data have been collected in relation to the offer of information society services.
Right to restriction of processing: You have the right to require the controller to restrict processing if one of the following conditions applies: a) you dispute the accuracy of your personal data; in which case processing may be restricted during the period it takes for the controller to verify the accuracy of the data; b) the processing is unlawful and you object against the deletion of the personal data and request a restriction of the use of the personal data instead; c) the controller no longer needs the personal data for the purposes of processing, but you need them to establish, exercise or defend legal claims; or d) you have objected against the data processing for the period until it is determined that the legitimate interests of the controller overrides your legitimate interests. In case the processing of your personal data was subject to restriction, and notwithstanding their storage, such data shall only be processed with your consent or for the establishment, exercise, or defense of claims or for the procurement of the protection of rights of a natural or legal person or for purposes of an important public interest of the European Union or a member state.
In case the restriction of processing has been executed in accordance with the above, you shall be informed by the controller prior to the cancellation of such restriction.
Right to object: you have the right to object against data processing (contact data) based on legitimate interest. In such a case the controller may keep processing your data, if the controller can demonstrate compelling legitimate grounds for the processing which override your legitimate interests.
Right to complain:
The controller provides the requested information without undue delay but within one month from the receipt of the request at the latest about the measures taken based on your request related to your rights listed previously. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller informs you as to any such extension within one month as of receipt of the request, stating the reasons for the delay. If the controller does not take action on your request, the controller shall inform you without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of you lodging a complaint with the competent data protection supervisory authority (in Hungary the Hungarian National Authority for Data Protection, NAIH) and you can be seeking a judicial remedy. (Contact details of NAIH: 1125 Budapest, Szilágyi Erzsébet fasor 22/C., Tel: +36 1391 1400, E-mail: email@example.com) In the event of violation of your rights, you may seek ruling from a court. The proceedings fall within the jurisdiction of the General Court (Regional court in Hungary). If requested by the data subject, the action may also be brought before the general court in whose jurisdiction the home address or temporary residence of the data subject is located. You may claim any damage caused to you as a result of unlawful processing (including any breach of data security measures) from the controller liable for the damage caused.
- Transfers of personal data to a third country or an international organisation
- Automated decision-making, profiling
- Data security measures: The controller shall plan and perform data processing so that the privacy of the data subjects is protected when applying the provisions of the GDPR and other provisions related to data processing. The controller ensures the security of the data, furthermore, takes technical and organisational measures and establishes the procedural rules necessary to enforce GDPR and other data protection and confidentiality regulations. The data is protected using the appropriate actions, particularly against unauthorised access, alteration, forwarding, disclosure, deletion or destruction as well as accidental destruction and damage, furthermore becoming inaccessible due to the change in the applied technique. In this, the company shall store the personal data of the data subject in a password-protected and/or encrypted database. The company shall provide a risk-proportionate level of protection of data via firewalls and antivirus programs. It monitors data protection incidents continuously. The controller stores the completed questionnaires on its own server electronically.