Postanite SolarKit partner!
0
×
Nakupovalna košarica
Skupaj neto: 0.00 €
Ogled košarice
Država:
HU
Valuta:
EUR
Jezik:
SR

Privacy Policy

Solar Kit Hungary Kft. (hereinafter: Data Controller), as the operator of the https://shop.solar-kit.eu/hu website (hereinafter: Website), hereby publishes the information on data processing regarding the webshop available on the Website (hereinafter: Webshop) and other services related to the Website.

 The scope of this Privacy Policy (hereinafter: Privacy Policy) is the processing of data of the contact persons of the legal entities and organizations interested in the Data Controller's services or placed an order in the Webshop (hereinafter: Partner), as well as the data of natural persons initiating contact with the Data Controller (hereinafter together: User).

 

1.)            Data Controller’s data

The data controller is Solar Kit Hungary Korlátolt Felelősségű Társaság.

 

Registered office:                                1084 Budapest, Déri Miksa utca 6. 1. lház. 2. emelet 2.  

E-mail address:                                    nagyker@solar-kit.hu

Company registration number:       01-09-330542

Tax number:                                         26530129-2-42

 

2.)   Information about the data processing

 

a.)       Registration

 Processed data:

 On the registration form of the Website, Users can enter the data of the Partner and their contact data in order to use the Services and to be registered as a Partner.

 

·        full name;

·        company name;

·        tax number;

·        e-mail address;

·        phone number;

·        address (country, town, street, house number, postcode);

·        password.

 Purpose of data processing: To identify the Users and to provide the Service for Partners and to contact with the Partners. During data processing the name, e-mail address and phone number of the User as contact person are the personal data (in case the contact data belong to the contact person).

 Data Controller draws the Partner's attention to the fact that it is always the Partner's obligation and responsibility as employer to inform the User about the processing of his or her personal data for the purpose and under the conditions specified in this Privacy Policy.

 Duration of data processing: until the Partner's registration is cancelled, or until the User requests the deletion of his/her data or objects to the use of his/her data.

 Legal basis of data processing: the legal basis for processing the data of the User is the legitimate interest of the Data Controller in relation to the contact between the Data Controller and the Partner, the performance of the potential contract and the fulfilling the order based on point f) of Article 6 (1) of the Regulation of the European Parliament and of the Council (EU) 2016/679 (27 April 2016) on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and repealing Directive 95/46/EC (hereinafter: GDPR). In the opinion of the Data Controller, the contract cannot be fulfilled without processing the User's data. In order to ensure the User's right to the protection of his personal data, the Data Controller uses the User's personal data exclusively for the purpose of maintaining contact with the Partner, provides him/her with adequate information on the circumstances of data processing in all cases, and also ensures him/her the rights specified by the GDPR and contained in Section 4 of this Privacy Policy.

 

b.)       Contact

 Processed data:

 On the contact form of the Website and via other contacts of the Data Controller (e-mail, phone), Users can enter their data in order to receive information on the services, products and their orders. By filling in the order form the following personal data may be provided:

 

·        full name;

·        e-mail address;

·        message;

·        phone number.

 

If the User contacts the Data Controller by phone or e-mail, the Data Controller may process the following data of the User in connection with the contact:

·        full name;

·        name of company;

·        email address;

·        telephone number;

·        message/request;

·        other information provided by the User.

 

Purpose of data processing: to provide information related to the Data Controller's products, services and activities, including contacting and communicating with the User interested in the products and services provided by the Data Controller, informing Users and handling comments related to the Data Controller's activities.

 Duration of data processing: data are processed for a maximum of 30 days from the end of the bilateral communication between the Data Controller and the User, or until the User requests the erasure of their data or withdraws their consent to the processing of their personal data.

 Legal basis of data processing: voluntary and explicit consent of the User (given by clicking the checkbox to accept this Privacy Policy) pursuant to Article 6 (1) a) of GDPR.

If the User does not contact the Data Controller through the form of the Website, the Data Controller shall send this Privacy Policy to the User after the first contact, who shall confirm the knowledge and acceptance by e-mail or other verifiable means. If the confirmation is not received by the Data Controller within 30 days at the latest, the Data Controller deletes the User's data.

 

c.)        Order

 Processed data:

 If the Partner selects one of the products on the Webshop, User can enter his/her data on the ordering site in order for the Data Controller to be able to fulfil its order. During the order the following personal data may be provided (all data marked with an * must be provided):

 

·        full name;

·        e-mail address;

·        phone number;

·        invoicing address (country, town, street, house number, postcode);

·        delivery address (if it is other than the invoicing address);

·        company name,

·        tax number;

·        message;

·        delivery data;

·        payment data.

 

Purpose of data processing: To provide the service of the Webshop, so to perform the contract concluded for the purpose of the order, to deliver the ordered products, to contact the Users in connection with the order, to invoice the prices and fees arising from the contract and to enforce the related claims.

 Duration of data processing: Data Controller processes the necessary data for 5 (five) years after the purchase in accordance with Section 6:22 of Act V of 2013 on the Civil Code in order to enforce the obligations and rights arising from the contract concluded between the User and the Data Controller. It is the Partner's obligation and responsibility to inform the Data Controller if there is a change in the data of the contact person.

 Legal basis of data processing: the legal basis for processing the data of the User is the legitimate interest of the Data Controller based on Article 6 (1) f) of GDPR in relation to the contact between the Data Controller and the Partner and the fulfilling the order. In the opinion of the Data Controller, the order cannot be fulfilled without processing the User's data. In order to ensure the User's right to the protection of his personal data, the Data Controller uses the User's personal data exclusively for the purpose of maintaining contact with the Partner, provides him/her with adequate information on the circumstances of data processing in all cases and also ensures him/her the rights specified by the GDPR and contained in Section 4 of this Privacy Policy.

 The Data Controller declares not processing, collecting or storing any card data required for the payment and not having access to such data in any manner when the payment is made with a credit card. The Data Controller declares that it is not responsible for the lawfulness of the processing of transaction data by Stripe (Stripe Payments Europe, Ltd.; https://stripe.com/en-hu/privacy; hereinafter: Service Provider), which provides the option to pay by credit card. The User can get information about the Service Provider's data processing on the Service Provider's website or through their other contact channels.

 User account

 Following the successful registration or if the Partner/User marks the relevant check box during order, the system creates the user account of the Partner, containing the following data:

  • Partner’s/User’s data provided during order;
  • Partner’s/User’s data related to the previous orders.

 When using the user account, the Partner has the opportunity to track the orders, provide the data required for the order and modify the data provided.

 

3.)   Parties eligible for accessing personal data, data processing

 

The Data Controller and the Data Processor employed by it are entitled to have access to personal data in compliance with the provisions of applicable laws and regulations.

 The data are processed on contract with the Data Controller by the following data processors:

 

  • Hosting service provider:

Name: Inclust System Kft.

Address: 1054, Budapest, Honvéd utca 8., 1/2.                

E-mail: supportinclust.com                          

The purpose of data processing is the hosting service required for the operation of the Website and the Webshop.

 

  • Web developer:

Name:    Genion Group Bt.

Address: 9028 Győr, Kisdiófa utca 15.

E-mail: istvan.forgacs@genion.hu

The purpose of the data processing is to provide the necessary developments for the operation of the online store, maintaining the website.

 

  • Delivery service provider:

Name:                   GLS General Logistics Systems Hungary Kft.

Address:               2351 Alsónémedi, GLS Európa utca 2.

The purpose of data processing is to deliver the ordered products to the Partner, contact with the Partner regarding delivery.

 

Name:                    SCHENKER Nemzetközi Szállítmányozási és Logisztikai Kft.

Address:               2351 Alsónémedi, GLS Európa utca 2.

The purpose of data processing is to deliver the ordered products to the Partner, contact with the Partner regarding delivery.

 

 

The Data Controller reserves the right to involve other data processors in data processing in the future, and to inform the Users about it by amending this Privacy Policy.

 Without an expressed statutory provision, the Data Controller may transfer data suitable for personal identification to third parties only with the explicit consent of the User.

 

4.)   User rights

 Access to personal data

 Upon the request of the User, the Data Controller shall provide information on whether or not their personal data are being processed by the Data Controller, and where that is the case, shall grant them access to the personal data, and shares the following information:

  • the purpose(s) of the processing;
  • the categories of personal data concerned;
  • the legal ground and recipient(s) in the event of transferring the personal data of the User;
  • the envisaged processing period;
  • the User’s rights relating to the rectification, erasure and restriction of processing of the personal data, as well as the option to object to personal data processing;
  • the possibility of lodging a complaint with a supervisory Authority;
  • the data source;
  • relevant information on profiling;
  • the name, address of the processors and their activities related to data processing.

 

The Data Controller shall provide the User with a copy of the personal data undergoing processing free of charge. For any further copies requested by the User, the Data Controller may charge a reasonable fee based on administrative costs. Where the User makes the request by electronic means, the information shall be provided in a commonly used electronic form, unless otherwise requested by the data subject.

 The Data Controller is obliged to provide the information at the request of the User in an intelligible form without undue delay, but no later than one month of the submission of the request. The User may submit their request for access through the contact channels specified in Section 1.

 Rectification of processed data

 The User may request the Data Controller (at the contact details specified in Section 1) to rectify inaccurate personal data or the supplementation of incomplete data, taking into account the purpose of data processing. The Data Controller shall fulfil the rectification requirement without undue delay.

 Erasure of processed data (right to be forgotten)

 The User may request the Data Controller to erase their personal data without undue delay, the Data Controller shall be obliged to erase the personal data concerning the data subject without undue delay, if any of the following criteria is fulfilled:

a)       the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

b)       the User withdraws its consent and here is no other legal ground for the processing;

c)        the User objects to the processing of your personal data;

d)       the personal data have been unlawfully processed;

e)       the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

f)        the personal data obtained based on consent was collected with the provision of services relating to the information society to children.

 

Where the Data Controller has made the personal data public (made it available to a third party) and are obliged to erase them pursuant to the above, the Data Controller shall take into account the available technology and the cost of implementation, shall take reasonable steps to inform data controllers who are processing the affected personal data that the User has requested them to erase any links to, or copy or replication of those personal data, as well as to erase any duplicate copies.

 Personal data are not required to be erased when data processing is necessary:

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing of personal data by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • for the establishment, exercise or defence of legal claims.

 

Restriction of processing

 The User has the right to request the Data Controller to restrict the data processing instead of rectifying or erasing personal data if any of the following criteria applies:

 

  • the accuracy of the personal data is contested by the User, in which case the restriction applies for a period enabling the Data Controller to verify the accuracy of the personal data;
  • the processing is unlawful and the User opposes the erasure of the personal data and requests the restriction of their use instead;
  • the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the user for the establishment, exercise or defense of legal claims;
  • the User objected to data processing; in such cases the restriction shall only apply to the time period necessary to determine whether the legitimate reasons of the Data Controller override those of the data subject.

 

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the User's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

 The Data Controller shall inform the User, at whose request the processing has been restricted, of the lifting of the processing restriction in advance.

 Notification obligation regarding rectification or erasure of personal data or restriction of processing

 The Data Controller communicates any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. At the request of the User, the Data Controller informs the User about these recipients.

 

Right to data portability

 The User is entitled to receive the personal data concerning him / her provided to the Data Controller in a structured, widely used, machine-readable format and to transmit this data to another data controller. If requested by the User, the Data Controller will export the processed data in PDF and / or CSV format.

 Right to objection

 The User has the right to object to the processing of their personal data, if the data processing

  • is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
  • is necessary for the enforcement of the legitimate interests of the Data Controller or a third party.
  • is based on profiling.

 In the event of the User’s objection, the Data Controller shall abandon the processing of the personal data unless the Data Controller proves that the data processing is justified by compelling legitimate grounds which override the User’s interests, rights and freedoms, or are necessary for the establishment, exercise or defense of legal claims.

 Measures of the Data Controller in case of the User's request

 The Data Controller shall inform the User without undue delay, but no later than within one month from the receipt of the request, of the measures taken in relation to the access, rectification, erasure, restriction, objection or data portability request. This deadline may, however, be extended by two months if warranted by the complexity of the request or the number of requests. The Data Controller shall notify the User of any such extension within one month of receiving the request; such a notification shall include the reason of the extension. If the User submits the request via an electronic channel, the notification shall preferably be sent to them in an electronic format unless the data subject requests a different format.

 If the Data Controller fails to act upon the User’s request they shall notify the User, without delay but no later than within one month of receiving the request, of the reasons of such a failure, and shall also inform the User that they may place a complaint at a supervisory authority, and may seek judicial legal remedy.

 Upon the request of the User, the information, notifications and the measures taken on their request shall be provided free of charge. If the User’s request is clearly unfounded or excessive, in particular because of its repetitive nature, the Data Controller may, either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested or may refuse to take action in relation to the request. The burden of demonstrating the clearly unfounded or excessive nature of the request falls on the Data Controller.

 

5.)   Managing and reporting personal data breaches

 All incidents are considered personal data breaches which result in the unauthorised processing or controlling of personal data, in particular unauthorised or accidental access, alteration, disclosure, erasure, loss or destruction of personal data processed, transferred, stored or processed by the Data Controller, or in its accidental destruction or damage.

 The Data Controller is obliged to notify the NADPFI of the personal data breach without undue delay, but no later than 72 hours after the detection of the personal data breach, unless, the Data Controller can prove that the personal data breach is unlikely to pose a risk to the rights and freedoms of natural persons. Where such notification cannot be achieved within 72 hours, the reasons for the delay should accompany the notification and information may be provided in phases without undue further delay. The notification to NADPFI includes at least the following information:

 

  • the nature of the personal data breach, the number and categories of data subjects and personal data;
  • Title and contact information of the Data Controller;
  • the likely consequences arising from the personal data breach;
  • the measures taken or planned to manage, rectify or remedy the personal data breach.

 

The Data Controller shall inform the data subjects about the personal data breach via the Data Controller's website within 72 hours after having become aware of the data breach. The information shall include at least the data specified in this Section.

 The Data Controller keeps a record of each personal data breach for controlling the measures taken in relation to the occurring incidents and for providing information to the data subjects. The records contain the following data:

 

  • the scope of the affected personal data;
  • the range and number of data subjects;
  • the date and time of the personal data breach;
  • the circumstances and effects of the personal data breach;
  • the measures taken for the prevention of the personal data breach.

 The Data Controller keeps the data contained in the record for 5 years from the detection of a personal data breach.

 

6.)   Data security

 The Data Controller undertakes to ensure the security of data and takes all technical and organisational measures, puts into place the procedural rules that ensure the protection of all collected, stored and processed data, as well as preventing the destruction, unlawful use and unlawful alteration of data. The Data Controller also undertakes to call upon each third party to whom data are transferred or transmitted without the Users’ consent to comply with the data security requirements.

 The Data Controller shall ensure that no unauthorised persons may access, disclose, transfer, modify or erase the processed data. The processed data may be accessed only by the Data Controller and its employees, as well as the Processor employed by them, and the Data Controller shall not transfer the data to any third party not authorised to have access to them.

 The Controller shall make every possible effort to ensure data are not accidentally damaged or destroyed. The Data Controller requires all its employees to take part in data processing activities to assume the above obligations.

 The User acknowledges and accepts that if their personal data are provided on the website, full data protection cannot be guaranteed on the internet despite the fact that the Data Controller has up-to-date security equipment to prevent any unauthorised access to data or the detection thereof. If data are accessed without authorisation or data are obtained despite our efforts, the Data Controller shall not be held liable for the obtaining of data in such a manner or for any unauthorised access to them, or for any damage occurring at the User as a consequence thereof. In addition, the User may also supply personal data to third parties who may use it for unlawful purposes and in an unlawful manner.

 

7.)   Law enforcement options

 The Data Controller shall make all reasonable efforts to process personal data in compliance with the laws and regulations, however, if Users feel that this has not been complied with, they can write using the contact details indicated in Section 1.

 

If Users feel that their right to the protection of personal data has been violated, they can seek legal remedy in compliance with the applicable laws and regulations at organizations that have jurisdiction, as

  • the Hungarian National Authority for Data Protection and Freedom of Information (1055 Budapest, Falk Miksa utca 9-11.; ugyfelszolgalat@naih.huwww.naih.hu) or
  • in court.

 

8.)   Other provisions

 This Privacy Policy is governed by the Hungarian law, especially by the provisions of Act CXII of 2011 on the Right of Informational Self-determination and Freedom of Information and the GDPR.

 

Budapest, 2024