Last modified: 1th March 2023

Effective date: 1th November 2021

Thank you for using our services! Smart Greenhouse Control Kft. protects and respects your personal data and respects your rights related thereto.

To achieve the above goals present privacy policy (hereinafter as: “Policy”) in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter as: “GDPR”) contains all information regarding the processing of personal data provided to

Nazwa firmy: Smart Greenhouse Control Korlátolt Felelősségű Társaság

Registered seat: 6000 Kecskemét, Jókai utca 40. földszint 2., Hungary

Nr KRS: 03-09-135600

NIP: 27505962-2-03

Registered at: Metropolitan Court of Kecskeméti as Company Registration Court

Represented by: Gábor Németh as managing director

Telefon: +36 30 364 5018

E-mail: hello@foliavezerles.hu 

(hereainafter referred to as: „Service Provider”)

by the Data Subjects (hereinafter referred to as the “Customer”) of the products and software related to the products (hereinafter referred to as: “Service”) provided by the Service Provider and specified in detail in the Service Provider’s General Terms and Conditions (hereinafter referred to as the “GTC”) or by natural persons acting on behalf of the Customer as Data Subjects in connection with the use of the Service or for other purposes specified in this Policy. 

The aim of the Policy is to give a clear picture about why, how and how long we process personal data of individuals who come into contact with our company.

 

I. A few data privacy related definitions to better understand the Policy

 

Personal data

means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing

means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Controller

means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by EU or Member State law.

Processor

means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Third Party

means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Data forwarding

Means the disclosure of personal data to specific third parties.

Data Subject

Everybody who shares his/her personal data with the Service Provider through the Website or via other channels or whose personal data is processed by the Service Provider otherwise. For example, You who reads this Policy.

Consent of the data subject

means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Sensitive data

personal data referring to racial origin, nationality, political opinions or membership in any political party, religious or other beliefs, membership of an advocacy organization, sex life, personal data concerning health, pathological data.

Genetic data

means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question.

Biometric data

means personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopy data.

Personal data breach

means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Most of the above definitions are used by the GDPR. The full text of the GDPR is available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN The above list is not complete so should you need more information or explanation do not hesitate to contact us.

We would like to inform You that during our processing we do not process or request from You any sensitive, genetic or biometric data.

 

II. Other definitions

 

Website

means the website available under the domain https://foliavezerles.hu/, through which the Customer or the Data Subjects can obtain information about the Service Provider and the Service and through which they can contact the Service Provider

Service

means the sale of technological tools related to the cultivation of plants in polytunnels and the provision of access to the software that supports the operation of these tools

III. Principles of data processing

The Service Provider shall process the personal data of the Customer or of the Data Subject in accordance with the following principles laid down in Article 5 Section (1) of the GDPR:

• processes personal data lawfully and fairly and in a transparent manner (“lawfulness, fairness and transparency”);
• collects personal data only for specified, explicit and legitimate purposes and does not process them in a way incompatible with those purposes (“purpose limitation”);
• the personal data processed are adequate, relevant and limited to what is necessary for the purposes for which they are processed (“data minimisation”);
• ensure that the personal data are accurate and, where necessary, kept up to date and take all reasonable steps to ensure that personal data which are inaccurate for the purposes for which they are processed are erased or rectified without undue delay (“accuracy”);
• store the personal data in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data are processed (“limited storage”);
• process personal data in a manner to ensure appropriate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by implementing appropriate technical or organisational measures (“integrity and confidentiality”) 
  

  In which cases do we process personal data?

The Service Provider shall process the personal data of the Customer or the Data Subject in the following cases, taking into account the principles described in Chapter III above:

• Browsing the website
• Request an offer, contacing, customer service
• Keeping contact during contractual relationship
• Payment and invoicing
• Registering to the use the software
• Data processing related to the operation of the software
• Newsletter subscription
• Cookies
  
  Which data, for which purpose and for how long do we process?

In each of the cases set out above, the legal ground for processing personal data may be:

• In accordance with article 6 Section (1) Point a) of the GDPR the freely given, specific, informed and unambiguous consent of the Customer and the Data Subject (hereinafter as: „Consent”).
• In accordance with article 6 Section (1) Point b) of the GDPR processing is necessary for the performance of a contract to which the Customer is party (hereinafter as: „Performance of Contract”).
• In accordance with article 6 Section (1) Point c) of the GDPR processing is necessary for compliance with a legal obligation to which the controller is subject (hereinafter as: „Compliance”).
• In accordance with article 6 Section (1) Point f) of the GDPR processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (hereinafter as: „Legitimate Interest”).

 

IV.1. Browsing the website

Scope of data processed	Purpose of processing	Legal ground for processing	Naming the legitimate interest	Duration of processing
IP address of the Data Subject	Protection of the IT systems of the Service Provider and securing the Website	Legitimate Interest	Securing the operation of the Website	30 days from visiting the Website

The Website may be freely visited and browsed by the Data Subject without expressively providing any personal data to the Service Provider. However, when visiting the Website at any time, the Data Subject’s computer or mobile device sends a request to the Service Provider. It is like sending a letter to which You wish to get the content of the Website as an answer. The Service Provider can only answer this request if the Data Subject provides his/her address. This address is the Data Subject’s internet identifier address, IP address for short. The Service Provider sends the requested Website to this IP address. This is an automatic process, by typing the domain of the Website to the web browser or by clicking to a link published anywhere that is directing to the Website the Data Subject gives his/her consent to provide the IP address for this purpose and to be processed by the Service Provider. To make this „correspondence” smooth the servers of the Service Provider store the IP address of the Data Subject in log files.

The identification and storing of IP addresses is necessary to protect the IT systems of the Service Provider and the Website as well. Protection against possible malicious activities against the Website is partly ensured by that the Service Provider is logging the operation of the Website and in this log, it lists the IP addresses from which requests to its servers were made. If the Service Provider detects an activity from an IP address that interferes with the secure operation of the Website, he addresses will be blacklisted. Any malicious activity is prevented and resolved through legal action. If nothing unordinary occurs, the Service Provider deletes the log files and the IP addresses. IP addresses stored in log files will not be used by the Service Provider for any other purpose and will be automatically deleted within 30 days and we keep it only if the Data Subject has performed any prohibited activity from that IP address. These activities are either listed above or other activities that violate local, state, national or international law.

 

IV.2. Requesting offer, contacting, customer service

The Service Provider maintains a customer service for the purpose of providing information on the Service to Data Subjects and prospective Customers. Customer service requests are managed by telephone, e-mail or through the contact form placed on the Website. The Data Subjects or Customers may also contact the Service Provider through the aforementioned channels if they wish to request an offer from the Service Provider in connection with the use of the Service.

 

IV.2.1. When contacting by e-mail:

When the Data Subject contacts our customer service by e-mail at hello@folivezerles.hu  he/she acknowledges the processing of his/her data by sending the e-mail. In order to fulfill (customer service) requests, we need to process certain personal data. Without them, we will not be able to fulfill Your (customer service) request, as we would not be able to contact You.

Scope of data processed	Purpose of processing	Legal ground for processing	Specifying legitimate interest	Duration of processing
First and last name of the Customer / Data Subject	Identification of the Customer / Data Subject fulfillment of customer support request	Performance of contract (in case of an existing business relationship) / Legitimate interest (without business relationship)	The Service Provider’s legitimate interest in providing the Service to an adequate standard or in establishing a new business relationship with the Customer.	Until an objection is raised by the Data Subject but for quality assurance until 31st December of the year following the year in which the (customer service) request was resolved
E-mail address of the Customer / Data Subject	Identification of the Customer / Data Subject fulfillment of customer support request	Performance of contract (in case of an existing business relationship) / Legitimate interest (without business relationship)	The Service Provider’s legitimate interest in providing the Service to an adequate standard or in establishing a new business relationship with the Customer.	Until an objection is raised by the Data Subject but for quality assurance until 31st December of the year following the year in which the (customer service) request was resolved
The social media contact of the Customer / Data Subject possibly shared in his/her e-mail „signature”	–	Performance of contract (in case of an existing business relationship) / Legitimate interest (without business relationship)	The Service Provider’s legitimate interest in providing the Service to an adequate standard or in establishing a new business relationship with the Customer.	Until an objection is raised by the Data Subject but for quality assurance until 31st December of the year following the year in which the (customer service) request was resolved

 

IV.2.2.When contacting by phone:

If the Data Subject contacts the Service Provider’s customer support by telephone at +36 30 364 5018 or if the Service Provider’s customer support calls the Data Subject back, the Service Provider will inform the Data Subject at the beginning of the telephone conversation that for quality assurance reasons and in order to enable the Service Provider to fulfil the customer service request, the following data will be processed. The Data Subjects are informed that no audio recording of the telephone conversation will be made.

Scope of data processed	Purpose of processing	Legal ground for processing	Specifying legitimate interest	Duration of processing
First and last name of the Customer / Data Subject	Identification of the Customer / Data Subject fulfillment of customer support request	Performance of contract (in case of an existing business relationship) / Legitimate interest (without business relationship)	The Service Provider’s legitimate interest in providing the Service to an adequate standard or in establishing a new business relationship with the Customer.	Until an objection is raised by the Data Subject but for quality assurance until 31st December of the year following the year in which the (customer service) request was resolved
Phone number of the Customer / Data Subject	Identification of the Customer / Data Subject fulfillment of customer support request	Performance of contract (in case of an existing business relationship) / Legitimate interest (without business relationship)	The Service Provider’s legitimate interest in providing the Service to an adequate standard or in establishing a new business relationship with the Customer.	Until an objection is raised by the Data Subject but for quality assurance until 31st December of the year following the year in which the (customer service) request was resolved

 

IV.2.3. When contacting via the offer request / contact form placed on the Website

If the Data Subject needs information or technical assistance in connection with the Service, or if he/she would like to request an offer from the Service Provider, he/she may also contact the Service Provider via the contact form on the Website. To contact us via the form.

Scope of data processed	Purpose of processing	Legal ground for processing	Specifying legitimate interest	Duration of processing
First and last name of the Customer / Data Subject	Identification of the Customer / Data Subject fulfillment of customer support request	Performance of contract (in case of an existing business relationship) / Legitimate interest (without business relationship)	The Service Provider’s legitimate interest in providing the Service to an adequate standard or in establishing a new business relationship with the Customer.	Until an objection is raised by the Data Subject but for quality assurance until 31st December of the year following the year in which the (customer service) request was resolved
E-mail address of the Customer / Data Subject	Identification of the Customer / Data Subject fulfillment of customer support request	Performance of contract (in case of an existing business relationship) / Legitimate interest (without business relationship)	The Service Provider’s legitimate interest in providing the Service to an adequate standard or in establishing a new business relationship with the Customer.	Until an objection is raised by the Data Subject but for quality assurance until 31st December of the year following the year in which the (customer service) request was resolved
Phone number of the Customer / Data Subject	Identification of the Customer / Data Subject fulfillment of customer support request	Performance of contract (in case of an existing business relationship) / Legitimate interest (without business relationship)	The Service Provider’s legitimate interest in providing the Service to an adequate standard or in establishing a new business relationship with the Customer.	Until an objection is raised by the Data Subject but for quality assurance until 31st December of the year following the year in which the (customer service) request was resolved

The Service Provider requests the Customer and the Data Subject not to provide the Service Provider with any other personal data in addition to the above, especially if the Service Provider does not expressly request it. The Service Provider shall immediately and irrevocably delete any personal data provided to it by the Customer or the Data Subject without being requested to do so and shall not be liable in connection with any data thus obtained.

 

IV.3. Keeping contact during contractual relationship

If a contractual relationship has been established between the Customer and the Service Provider, it is necessary to process the personal data of the Customer or the person designated by the Customer for contacting purposes, as detailed below, in connection with the performance of the contract. The legal ground for processing in these cases is the Service Provider’s legitimate interest, and the purpose is to provide information, knowledge or advice to the Customer in relation to issues that may arise in the course of the contractual relationship. The Customer acknowledges that it is the Customer’s responsibility and liability to obtain the consent of the person designated to contact the Service Provider (if this is not the Customer itself) to provide the Service Provider with his/her data.

Scope of data processed	Purpose of processing	Legal ground for processing	Specifying legitimate interest	Duration of processing
E-mail address of the Customer or the person deisgnated by the Customer for contact	Keeping contact with the Customer connection with the performance of the contract	Legitimate interest	Providing information for the Customer in connection with the performance of the contract	Until an objection is raised against processing or the appointment of a new contact person, but no later than 31st December of the year of termination of the contract
First and last name of the Customer or the person deisgnated by the Customer for contact	Keeping contact with the Customer connection with the performance of the contract	Legitimate interest	Providing information for the Customer in connection with the performance of the contract	Until an objection is raised against processing or the appointment of a new contact person, but no later than 31st December of the year of termination of the contract
Phone number of the Customer or the person deisgnated by the Customer for contact	Keeping contact with the Customer connection with the performance of the contract	Legitimate interest	Providing information for the Customer in connection with the performance of the contract	Until an objection is raised against processing or the appointment of a new contact person, but no later than 31st December of the year of termination of the contract

 

IV.4. Payment and invoicing

V.4.1. In case the invoice for the Service is issued to a legal entity, the Service Provider will process the following personal data:

Scope of data processed	Purpose of processing	Legal ground for processing	Specifying legitimate interest	Duration of processing
Phone number of the person deisgnated by the Customer for contact	Contacting the Customer in connection with invoicing	Legitimate interest	A Szolgáltató által jogszabály alapján kötelezően kiállítandó számla Megrendelő részére történő megküldése	Until the end of the five (5) year period from the end of the contractua relationship in accordance with Article 6:22 Section (1) of Act V of 2013 on the Civil Code (general limitation period for claims)
First and last name of the person deisgnated by the Customer for contact	Contacting the Customer in connection with invoicing	Legitimate interest	A Szolgáltató által jogszabály alapján kötelezően kiállítandó számla Megrendelő részére történő megküldése	Until the end of the five (5) year period from the end of the contractua relationship in accordance with Article 6:22 Section (1) of Act V of 2013 on the Civil Code (general limitation period for claims)
Phone number of the person deisgnated by the Customer for contact	Contacting the Customer in connection with invoicing	Legitimate interest	Kapcsolattartás a Szolgáltató által jogszabály alapján kötelezően kiállítandó számlával kapcsolatosan	Until the end of the five (5) year period from the end of the contractua relationship in accordance with Article 6:22 Section (1) of Act V of 2013 on the Civil Code (general limitation period for claims)

The Service Provider processes the above personal data only if the contact person’s e-mail address contains the name of a natural person. If the contact e-mail address is general (e.g.. info@example.com or finance@examle.com) then the Service Provider process the data, but it shall not be considered as personal data. The Service Provider draws the attention of the Customer that if the e-mail address contains the name of a natural person the consent of the contact person to provide such data shall be obtained by the Customer.

V.4.2. If the invoice for the consideration to be paid for the use of the Service is issued to a natural person, a so-called taxable individual, a self-employed entrepreneur or farmer the Service Provider will process the following personal data.

Scope of data processed	Purpose of processing	Legal ground for processing	Duration of processing
First and last name of the Data Subject (Customer)	Data mandatorily to be recorded in the issued invoice	Compliance	8 years from issuing the invoice in accordance with Section 169 Subsection (2) of Act C of 2000 on Accounting
Address of the Data Subject (Customer)	Data mandatorily to be recorded in the issued invoice	Compliance	8 years from issuing the invoice in accordance with Section 169 Subsection (2) of Act C of 2000 on Accounting
Tax number of the Data Subject (Customer)	Data mandatorily to be recorded in the issued invoice	Compliance	8 years from issuing the invoice in accordance with Section 169 Subsection (2) of Act C of 2000 on Accounting
E-mail address of the Data Subject (Customer)	Contacting the Customer in connection with invoicing	Compliance	8 years from issuing the invoice in accordance with Section 169 Subsection (2) of Act C of 2000 on Accounting

The mandatory data content of the invoice and the period of storage of the invoice are prescribed by law, so the Service Provider processes these data in order to fulfil its legal obligations.

 

IV.5. Registration for the use of the software

The use of the software provided to the Customer by the Service Provider within the framework of the Service is subject to registration and the creation of a user account through registration, for which the following data must be provided:

Scope of data processed	Purpose of processing	Legal ground for processing	Duration of processing
First and last name of the Data Subject (Customer)	Data required to use the software, register and create a user account	Performance of contract	Until the end of the five (5) year period from the end of the contractua relationship in accordance with Article 6:22 Section (1) of Act V of 2013 on the Civil Code (general limitation period for claims)
E-mail address of the Data Subject (Customer)	Data required to use the software, register and create a user account	Performance of contract	Until the end of the five (5) year period from the end of the contractua relationship in accordance with Article 6:22 Section (1) of Act V of 2013 on the Civil Code (general limitation period for claims)
Phone number of the Data Subject (Customer)	Data required to use the software, register and create a user account	Performance of contract	Until the end of the five (5) year period from the end of the contractua relationship in accordance with Article 6:22 Section (1) of Act V of 2013 on the Civil Code (general limitation period for claims)
Password set by the Data Subject (Customer)	Data required to use the software, register and create a user account	Performance of contract	Until the deletion of the user account

 

IV.6. Data processing related to the operation of the software

Due to its operation, the software provided by the Service Provider to the Customer may send notifications to the Customer, according to the settings chosen by the Customer, in the form of e-mail and/or text message (SMS), in connection with which the following data will be processed:

Scope of data processed	Purpose of processing	Legal ground for processing	Duration of processing
E-mail address of the Data Subject (Customer)	Data processed in connection with the operation of the software, sending notifications	Performance of contract	Until the termination of contract i.e. deletion of the user account
Phone number of the Data Subject (Customer)	Data processed in connection with the operation of the software, sending notifications	Performance of contract	Until the termination of contract i.e. deletion of the user account

 

IV.7. Newsletter subscription

Scope of data processed	Purpose of processing	Legal ground for processing	Duration of processing
E-mail address of the Data Subject	Sending informative and educational messages to the Data Subject, informing them of discounts or important information about the Service	Consent	Until withdrawing consent i.e. unsubscribing from the newsletter

The Data Subject has the opportunity to subscribe to our newsletter on the Website. In connection with this, the Service Provider will process the e-mail address of the Data Subject only on the ground of the Data Subject’s express consent and until the Data Subject withdraws his/her consent. There are several ways to withdraw consent, for more details please see the provisions of Chapter VII of this Policy.

 

What are cookies and why we use them?

Cookies are data packages that are sent by our webservers to Your computer automatically, where they are stored – depending on the type of the cookie – for a definite period of time.

Cookies do not hold any security risk to Your computer or not cause any malfunction.

In order to ensure the smooth operation of the Website, certain cookies (known as session cookies) are automatically installed on Your computer when You visit the Website. The purpose of such cookies is to ensure the security of the Website, to preserve the data recorded on our online forms, to display multimedia content and to balance the traffic on the Website. Personal data collected through the use of these cookies (in particular the IP address of Your computer) will be processed for our legitimate interest in the safe and smooth operation of the Website for the duration of Your stay on our Website. Closing Your browser will automatically delete them from Your computer.

With Your consent given on the Website, the following types of cookies may be installed on Your computer for the following purposes:

• Cookies for web analytical measurements and for statistical purposes (e.g., Google Analytics). These are important to us because we are provided with information about the specific characteristics of our visitors (IP address, city, type of device, browser, operating system You are using, and what sub-pages You have visited on our site). We use these data anonymized for statistics and reports to improve the Website our marketing strategy.
• Remarketing cookies (such as Google AdWords) allow us to analyze how You use our site and, consequently, to display personalized content to You, including advertising on online platforms outside our site (e.g., other websites or social media).

In addition, we distinguish between session-specific cookies and persistent cookies. A cookie valid for a single session only survives until the User closes the browser. Permanent cookies continue to live and are not automatically deleted when You close Your browser. Why do they stay there and what’s good about it? Well, such persistent cookies, for example, help to make the site run faster and remembering things that the User has set for himself/herself on the Website.

You can manage cookies in Your browser’s settings. How these settings are set depends on the type of Your browser.

You may find information on cookie settings for the most popular browsers on the following link:

• Google Chrome: https://support.google.com/chrome/answer/95647?hl=hu-hu&p=cpn_cookies
• Firefox:  https://support.mozilla.org/hu/kb/sutik-informacio-amelyet-weboldalak-tarolnak-szami
• Internet Explorer / Edge: https://support.microsoft.com/hu-hu/help/17442/windows-internet-explorer-delete-manage-cookies
• Safari: https://support.apple.com/hu-hu/HT201265

 

 

V. How can You withdraw Your consent if the ground for processing is based on consent?

If under present Policy the legal ground of processing is the consent of the Data Subject, then the Data Subject has the right to withdraw this consent. Depending on the purpose of processing there are many ways to do it. You may withdraw Your consent given at browsing at any time, free of charge and without limitation by revisiting the Website and clicking on the pop-up window. In addition, if You do not have the possibility to withdraw Your consent this way, you may withdraw it by sending a message tohello@foliavezerles.hu or a mail sent to the Service Provider’s registered seat address or in case of newsletter subscription by clicking on the “Unsubscribe” button at the bottom of the email.

Please note that the withdrawal of consent does not affect the lawfulness of the data processing prior to the withdrawal.

 

VI. Where and how my personal data is stored?

All personal data is stored electronically on trusted secure servers.

 

VI.1. Website host

The Service Provider informs the Data Subject that the storage space for the data provided through the Website by visiting the Website and making contact via the Website by the the Data Subject is provided by an external service provider, so the data provided during the use of the Website are stored on servers provided by an external service provider.

The hosting provider is:

• Nazwa firmy: BlazeArts Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság
• Registered seat: 1096 Budapest, Thaly Kálmán utca 39., Hungary
• Nr KRS: 01-09-389087
• NIP: 12539833-2-43
• Represented by: Syrovátka Erich as managing director
• E-mail: privacy@forpsi.hu; dpo@forpsi.hu 
• Telefon: +36 1 610 5506; +36 1 610 5507
• Web: https://www.forpsi.hu/ 

(hereinafter as: „Hosting Provider”)

The privacy policy of the Hosting Provider is available at: https://www.forpsi.hu/ForpsiHU/media/Forpsi/Documents/tc-files/HU_Privacy_Policy_BlazeArts_v2-3.pdf 

The Hosting Provider’s servers are equipped with robust security, and the Hosting Provider provides multiple levels of data protection (physical, technical and organisational), which in all cases meet industry standards.

Notwithstanding the above, the Service Provider shall not be liable for any damage, destruction or unauthorized access to the data in the event of technical error, natural disaster, terrorist or criminal act.

 

VI.2.  Cloud based data storage

The Service Provider stores certain data, such as data related to the operation of the software, on cloud-based servers or data storage solutions, using the services of the following service providers.

 

VI.2.1. Kinsta

Kinsta cloud storage is provided by:

• • Nazwa firmy: Kinsta Inc.

• Registered seat: 8605 Santa Monica Blvd 92581, West Hollywood, CA 90069, USA

• • Registration number: B186284

• Represented by: Mark Gavalda CEO

• E-mail: privacy@kinsta.com 
• Telefon: +1 (888) 610 2915 
• EU data centers: Warsaw, Madrid, Hamina, Frankfurt, Eemshaven, Paris, Milan, St. Ghislain

(hereinafter as: “Kinsta”) 

The Service Provider uses servers of Kinsta located in the European Union.

Kinsta protects data at several levels, including physically protecting the servers that store the data, at the infrastructure level by using uninterruptible power supplies and other advanced devices, at the data level by restricting access, continuous monitoring of the system, encryption, and other similar measures. More information on Amazon’s security solutions is available at: https://kinsta.com/docs/disaster-recovery/ 

Kinsta’s privacy policy and other documents related to data processing are available here: https://kinsta.com/legal/  

 

VI.2.2. Amazon Web Services (AWS)

For cloud storage, the Service Provider also uses Amazon AWS, whose service provider is the following entity established in the European Union in accordance with the provisions of the GDPR for the processing of data of European partners and European data subjects

• Nazwa firmy: Amazon Web Services, Inc. Emea Sarl 
• Registered seat: 38 Avenue John F. Kennedy, L-1855 Luxembourg
• Registration number: B186284
• Represented by: Eva Gehlin and Barbara Scarafia directors 
• E-mail: EU-privacy-DSR@amazon.com
• European data centers: London, Frankfurt, Stockholm, Paris, Dublin

(hereinafter as: “Amazon”) 

The Service Provider uses Amazon servers located in Europe.

However, if for any reason the data would be transferred to Amazon’s servers outside the European Union, located in the United States of America, your data are still safe and protected by the provisions of the GDPR, as Amazon’s processing outside the European Union complies with the GDPR, as Amazon has submitted to decision of the Court of Justice of the European Union on the application of Article 40 of the GDPR. Amazon is subject to the Standard Contractual Clauses (hereinafter “SSC”) approved by the Court of Justice of the European Union pursuant to Article 40 of the GDPR, which ensures that a controller or processor outside the EU who acts in accordance with the SSC ensures a level of protection of personal data equivalent to that in the EU and in compliance with the GDPR.

For more information about SCC read: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_hu 

More information about Amazon’s processing of personal data in accordance with the SCC is available at https://aws.amazon.com/blogs/security/aws-gdpr-data-processing-addendum/ 

Amazon protects data at several levels, including physically protecting the servers that store the data, at the infrastructure level by using uninterruptible power supplies and other advanced devices, at the data level by restricting access, continuous monitoring of the system, encryption, and at the environmental level by choosing the location of its data centres, as it sets up its data centres in places where they are not exposed to natural forces such as seismic activity. More information on Amazon’s security solutions is available at https://aws.amazon.com/compliance/data-center/data-centers/ 

Amazon’s general privacy policy can be reached at https://aws.amazon.com/privacy/ 

VII. What rights do You have in connection with processing Your personal data?

Request for information (right to access): You may request information about the processing of Your personal data at any time, either in person, at our registered seat address, in writing by sending a registered letter or by email to hello@foliavezerles.hu 

Pursuant to Article 15 Section (1) of the GDPR, a request may include information on the data processed, their source, purpose, legal ground, duration, name and address of any processor, processing activities and Your rights in relation to processing. In the case of data transfer, to whom and for what purpose Your data have been or will be transferred.

A request for information is considered authentic by us if You are clearly identified by it. If the request is sent by e-mail or post, only the e-mail sent from Your registered e-mail address will be considered as authentic, and we will only be able to send information to the postal address registered by us. Unless You voluntarily verify Your identity otherwise, we will not be able to send information to an e-mail address or postal address that is not registered in our records in order to protect Your privacy.

Rectification: You may at any time request the rectification, modification or amendment of Your data in the same manner described above. We can also do this only on the basis of a request from a credible source presented when submitting the request.

Restriction: You may request that we restrict the processing of our personal information in particular if:

a) You argue the accuracy of the personal data we process. In this case, the limitation refers to the period during which the accuracy of the data is checked.

b) Although the legal ground for processing does not stand for us, but You are requesting us in writing to keep them for the purpose of filing, asserting or defending any legal claim You may have

Objection: If we process Your personal data on the ground of legitimate interest, You may at any time object to the processing of Your personal data. In such cases, we will review the legality of the objection and, if it is well established, we terminate the processing of data and notify anyone to whom the personal data subject to the objection may have been previously transmitted.

Deletion (“Right to be forgotten”): You may request the deletion of Your personal data at any time for any of the reasons set out in Article 17 Section (1) of the GDPR.

We may refuse deletion if the processing of Your personal data is required by law or if it is necessary to enforce our legal claims. We will always inform You about the refusal of the request for deletion. Once it is deleted, the data cannot be recovered.

Transfer of Personal Data (Portability): You may at any time request us to transfer the data processed in connection with You in a structured, widely used, machine-readable format to You or to another controller.

We kindly ask You to not exercise the above rights improperly, but only if it has a real ground or if any of the conditions set out in the GDPR actually exist.

VIII. To whom we transfer personal data and who has right to access them?

Your personal data will be treated confidentially and will not be disclosed to any third party, except as provided below.

VIII.1. Correspondence (e-mail)

For e-mail communication the Service Provider uses the services of Google Inc. named Gmail GSuites, a business e-mail service provided by:

• • Nazwa firmy: Google Ireland Ltd

• Registered seat: Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

• Registration number: 368047
• Represented by: Elizabeth Margaret Cunningham CEO
• Telefon: +353 1 436 1000
• data center: Dublin, Ireland

(hereinafter as: “Google”) 

Google processes EU related data within the territory of the European Union through its servers located in Dublin, Ireland. Google may not access, modify, delete, use or otherwise manipulate the User related data stored on the server provided by Google. 

If, for any reason, Google processes personal data outside the European Union, it will provide adequate protection in accordance with the provisions of the GDPR as a result of being subject to the SCC code of conduct. Learn more more information about Google’s SCC policy at https://policies.google.com/privacy/frameworks  

Google provides the protection of data on multiple levels, such as physically protecting data storage servers, which are secured and supervised by security guards and technicians, it restricts access to server rooms by its employees and by providing uninterruptible power supply and other state-of-the-art infrastructure, restricting access to data, continuously monitoring its system, encryption and firewall protection. The Google Privacy Policy is available at https://policies.google.com/privacy 

VIII.2. Data forwarding related to customer management

The Service Provider uses a cloud-based CRM system called Hubspot in connection with the Service it provides, which may also store personal data, the service provider of which is:

• • Nazwa firmy: HubSpot Inc.
  • Registered seat: 25 First Street, 2nd Floor, Cambridge, MA 02141, USA
  • Registration number: 000955519
  • Represented by: Brian Halligan CEO
  • E-mail: privacy@hubspot.com 

• Web: https://www.hubspot.com/ 

(hereinafter as: “Hubspot”)

Where Hubspot processes the data of a Data Subject who resides within the European Union, the data of that Data Subject will be processed at Hubspot’s data centre in Germany.

Where the Data Subject’s data is transferred outside the European Union, this will be done in accordance with the GDPR, as Hubspot will apply the SCC rules in relation to the transfer. More information about Hubspot’s data transfers is available here: https://legal.hubspot.com/dpa  

Hubspot’s privacy policies are available at the following links:

https://legal.hubspot.com/privacy-policy 

https://www.hubspot.com/data-privacy/gdpr/product-readiness   

VIII.3. Data forwarding related to invoicing

If for any reason an invoice is issued by the Service Provider, it will be issued using one of the largest online invoicing software in Hungary, szamlazz.hu. If the Data Subject provides his/her own data as billing data, as described above, since it is considered personal data, it is subject to the data processing of the Service Provider. The operator of szamlazz.hu is:

• Nazwa firmy: KBOSS.hu Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság

• • Registered seat: 1031 Budapest, Záhony utca 7., Hungary

• Nr KRS: 01-09-303201

• Registered at: Metropolitan Court of Budapest as Company Registry Court

• NIP: 13421739-2-41
• E-mail: info@szamlazz.hu 
• represented by: Balázs Ángyán as managing director

(hereinafter as: „KBOSS”)

KBOSS has a privacy policy complying with the GDPR which is available at: https://www.szamlazz.hu/adatvedelem/ 

VIII.4. Data forwarding related to payments

If the Data Subject makes a payment to the Service Provider, the payments will be received by the Service Provider’s bank account held at MKB Bank Nyrt.:

• Nazwa firmy: MKB Bank Nyrt.

• • Registered seat: 1056 Budapest, Váci utca 38., Hungary
  • Nr KRS: 01-10-040952

• NIP: 10011922-4-44

• E-mail cím: mkb@mkb.hu 

• Telefon: +36 80 333-660

• DPO: postal addres: 1056 Budapest, Váci u. 38., e-mail: adatvedelem@mkb.hu

(hereianfter as: „MKB Bank”)

The privacy policy of MKB Bank is available at: https://www.mkb.hu/adatvedelmi-iranyelvek 

VIII.5. Data forwarding in connection with accounting

For the following company performing accounting services for the Service Provider:

VIII.5.1. Meyer & Levinson Kft.

• Nazwa firmy: Meyer & Levinson Korlátolt Felelősségű Társaság

• Registered seat: 1052 Budapest, Deák Ferenc tér 3. (MEYER & LEVINSON emelet), Hungary

• Nr KRS: 01-09-902076

• NIP: 14398209-2-41

• Represented by: Zoltán István Kristó managing director
• E-mail: info@meyerlevinson.com

VIII.5.2. Meyer & Levinson Accounting Kft.

• Nazwa firmy: Meyer & Levinson Accounting Korlátolt Felelősségű Társaság

• Registered seat: 1052 Budapest, Deák Ferenc tér 3. (MEYER & LEVINSON emelet), Hungary

• Nr KRS: 01-09-928027

• NIP: 14964303-2-41

• Represented by: Zoltán István Kristó managing director
• E-mail: info@meyerlevinson.com

VIII.5.3. Riport Applications Kft.

For the digital processing of accounting data, the accountant uses an online financial software called Riport Quick, which is provided by:

• • Nazwa firmy: Riport Applications Korlátolt Felelősségű Társaság
  • Registered seat: 1052 Budapest, Deák Ferenc tér 3. (MEYER & LEVINSON emelet), Hungary

• Nr KRS: 01-09-982509

• • NIP: 23878149-2-41

• Represented by: Zoltán István Kristó managing director

• E-mail: hello@riport.app 
• Web: https://www.quick.riport.app/ 

(hereinafter as: „Riport”)

The privacy policy of Riport is available at: https://www.helloquick.riport.app/adatvedelem

VIII.6. Shipping of products

The Service Provider uses the services of the GLS courier service for the delivery of the products it distributes, the contact details of which are:

• • Nazwa firmy: GLS General Logistics Systems Hungary Csomag-Logisztikai Korlátolt Felelőssségü Társaság
  • Registered seat: 2351 Alsónémedi, GLS Európa utca 2., Hungary
  • Nr KRS: 13-09-111755
  • NIP: 12369410-2-44

• Represented by: Krisztina Éva Tarnóczi and Gergely Farkas managing directors along with György Oreskó and Attila Csaba Balázs company managers jointly

• Telefon: +36 29 886 670
• Fax: +36 29 886 610
• E-mail: info@gls-hungary.hu 
• Web: https://gls-group.eu/HU/hu/home  
• DPO: Rita Dr. Katona
• Contact of the DPO: adatvedelem@gls-hungary.hu 

(hereinafter as: “GLS”)

The privacy policy of GLS is available here https://gls-group.eu/HU/hu/adatkezelesi-tajekoztato

IX. What third-party social media plug-ins may be found on our Website?

To receive feedback on the contents we share on the Website and to share them we use social media sites meaning we use the services (plugins) of third party providers. The plugins are only active when You specifically click on the button to allow them to contact social media sites. The plugins of the following two social media sites can be found on our website: Facebook, Instagram, LinkedIn, TikTok, YouTube

If You are logged in to any of these sites, it may occur that Your visit on the site will be attached to Your personal profile. If you click on the specific button, your browser will forward the relevant information directly to that social media site and store them there.

Information about the scope and purpose of the data collected, further processing of Your data and use of Your data by the social media provider, and Your rights regarding personal data can be found in privacy statements of the social media providers, which are available at:

Facebook: https://www.facebook.com/policy.php 

Instagram: https://help.instagram.com/155833707900388 

TikTok. https://www.tiktok.com/legal/privacy-policy-eea?lang=hu 

YouTube: https://policies.google.com/privacy

Linkedin: https://www.linkedin.com/legal/privacy-policy 

X. To whom and in what cases are we required to disclose personal data?

We are obliged to disclose the personal data we process to the competent authority upon request by such authority. We cannot be held liable for any such transfer and the consequences thereof. We will always inform You of the transfer when it becomes necessary.

XI. What are the responsibilities with regard to the personal data You provide?

When You provide us Your personal data, You are responsible for ensuring that the information and contributions You make are true and correct.

We ask You to provide us third-party data only if specifically authorized to do so by the third party. The Service Provider assumes no liability for any resulting claims.

If a third-party objects the processing of personal data by credibly verifying its identity, we will immediately delete third-party data without notifying You. Please only provide third-party personal data only if you have informed the third party of the availability of this Policy.

Please do not provide us with any personal data in addition to the data requested by the Service Provider and specified in Chapter IV above. If you provide the Service Provider with any personal data in addition to the data requested by the Service Provider, the Service Provider will immediately render it unrecognizable and irretrievably delete it, and excludes its liability for data that the data subject has voluntarily provided to the Service Provider without the Service Provider’s request.

XII. Handling of of Personal data breach

Any personal data breach that may occur will be reported to the supervisory authority within 72 hours from becoming known to us in accordance with the law, and we will also maintain records of any breach that may occur. In the cases specified by law, we also inform the Data Subjects concerned.

XIII. Data Protection Officer (DPO)

Pursuant to Article 37 of the GDPR appointment of a DPO is mandatory if:

a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity;

b) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or

c) the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10.

With respect to that the Service Provider is not subject to any of the clauses above and because there is no other compelling reason to appoint a DPO we are not appointing anyone for this position.

XIV. Amendment of the Privacy Policy

If the scope of the data processed, the legal ground for the processing or other circumstances change, we will amend this Policy in accordance with the GDPR within 30 days and publish it on the Website and notify the Data Subject of the changes. In any case, please read the changes to this Privacy Policy carefully as they contain important information about the processing of your personal data.

XV. Who You may contact for information regarding Your personal data or to exercise Your rights?

Please contact us with any inquiries in e-mail at hello@foliavezerles.hu or by mail at 6000 Kecskemét, Budai utca 19. 2. floor. 5., Hungary.

The Data Subject is entitled to exercise his / her rights related to the processing of personal data against the Service Provider as controller. If You wish to exercise Your rights, You must notify the Service Provider first.

If You feel that Your rights have been violated, You can complain to the National Authority for Privacy and Freedom of Information:

Name: National Authority for Privacy and Freedom of Information 

Adres: 1055 Budapest, Falk Miksa utca 9-11., Hungary

Mailing address: 1363 Budapest, PO box: 9., Hungary

Telefon: +36 1 391 1400

E-mail: ugyfelszolgalat@naih.hu 

Website: http://www.naih.hu