
Privacy Policy

 

 

1 Basic data

 

 

Name of the organisation:

Netflorista Ltd

Seat of the organisation:

13 Kinizsi Pál street Győr 9030

Date of the guide coming into force:

25th May 2018

Representative of the data controller in this case:

Várhegyi Viktor Dániel

contact:

info@netflorista.com

phone number:

+36304310864

 

 

This guide sets out the rules for the protection of natural persons with regard to the processing of personal data and the rules on the free movement of personal data. The information contained in the guide has to be used for specific data management activities, as well as when issuing instructions and information regulating data management. Netflorista Ltd reserves the right to change or modify the present guide at any time, but will always inform its audience in due time.

The organization does not employ a data protection officer.

Netflorista Ltd handles personal information with confidentiality at all times and takes all security, technical and organizational measures that guarantee the security of the data.

 

1 The extent of the guide

 

This guide is valid until withdrawal. It applies to the users of netflorista.com who have approvingly accepted it, as well as to the officials and employees of the organization.

 

  1. The purpose of the guide

 

The aim of this guide is to harmonize the protection of the fundamental rights and freedoms of natural persons with regard to data management activities and to ensure that personal data are handled properly.

 

The organization during its activities wishes to fully comply with the legal requirements for the processing of personal data, in particular to the provisions of the regulation (EU) No 2016/679 of the European Parliament and the Council.

 

1 Significant concepts, definitions

 

●     The GDPR (General Data Protection Regulation): the new Privacy Policy of the European Union

 

●     data controller: the natural or legal person, public authority, agency or any other body, which defines the purposes and means of managing personal data individually or with others; if the purposes and means of data management are defined by Union or member state law, the data controller or the particular aspects of the designation of the data controller may be defined by Union or member state law;

 

●     data handling: any operation or collection of operations carried out in an automated or non-automated way on personal data or data files such as collection, capture, systematization, division, storage, transformation or change, query, insight, use, communication, transmission, dissemination or otherwise made available, alignment or interconnection, restriction, deletion or destruction;

 

●     data processor: the natural or legal person, public authority, agency or any other body, which handles personal data on behalf of the data controller;

 

●     personal data: any information relating to an identified or identifiable natural person (person concerned); identifiable is that natural person who, directly or indirectly, can be identified based on one or more factors concerning in particular an identifier, such as name, number, location data, online identifier or the natural person’s physical, physiological, genetic, spiritual, economic, and cultural or their social identity;

 

●     third party: the natural or legal person, public authority, agency or any other body, which is not the same as the person concerned, the data controller, the data processor or those persons who have been authorized to handle personal data under the immediate control of the data controller or the data processor; 

 

●     the consent of the person concerned: a voluntary, concrete and clear expression, based on appropriate information, of the will of the person concerned, with which the person concerned indicates, by a statement or by confirmation through an unambiguous action, that they consent to the processing of personal data concerning them;

 

●     limitation of data management: the marking of stored personal data to limit their future management;

 

●     pseudonymization: handling personal data in a way as a result of which it can no longer be established, without further information being used, to which specific natural person the personal data belongs, provided that such additional information is stored separately and it is ensured with technical and organizational measures that this personal data cannot be linked to identified or identifiable natural persons;

 

●     registration system: personal data stock split in any way - centralized, decentralized, according to functional or geographic aspects – which is available on the basis of defined criteria;

 

●     privacy incident: such damage of the security which results in the accidental or illicit destruction, loss, alteration, unauthorized disclosure or unauthorized access of personal data transmitted, stored or otherwise handled;

 

 

1 Data management guidelines

 

The processing of personal data shall be carried out legally and fairly and in a manner transparent to the person concerned.

 

Collecting personal data can only be done for a specific, clear and legitimate purpose.

 

The purpose of personal data management has to be appropriate and relevant, and only to the extent necessary.

 

Personal data have to be accurate and up-to-date. Inaccurate personal data have to be deleted immediately.

 

Personal data have to be stored in a form that allows the identification of the persons concerned for the necessary time only. Personal data can only be stored for a longer period of time if the storage takes place for public interest archiving, for scientific and historical research purposes or for statistical purposes.

 

Personal data have to be handled in the way that the adequate security of personal data shall be provided by appropriate technical or organizational measures including the protection against unauthorized or unlawful handling, accidental loss, destruction or damage to data.

 

The principles of data protection have to be applied to any information concerning all identified or identifiable natural persons. 

The data administrator of the organization has disciplinary, compensational, misdemeanour and criminal liability for the legitimate management of personal data. If the employee becomes aware that the personal data they manage is incorrect, incomplete or out of date, they have to correct it or initiate its correction.

 

1 Handling of personal data

 

As natural persons can be associated with the online identifiers provided by the devices, applications, instruments and protocols they use, such as IP addresses and cookie identifiers, these data, combined with other information, are suitable and can be used to create the profile of a natural person and to identify that person.

 

Data management can only take place if the person concerned gives a voluntary, specific, information-based and clear confirmation of their consent to the processing of the data by, for example, a written - including by electronic means - or oral statement.

It is also a consent to data management if the person concerned will mark a relevant box when viewing the web site. Silence, pre-marked box or non-action are not considered as consent.

It is also a consent when a user makes technical adjustments concerning this to the use of electronic services, or makes a statement or acts in a way which in the given context clearly indicates the consent of the person concerned to the management of their personal data.

 

Children's personal data deserve special protection because they are less aware of the risks associated with the handling of personal data, consequences and the associated guarantees and authorities. This special protection has to be used in particular for such use of personal data of children which serves the goals of marketing or the creation of personal or user profiles.

 

Personal data have to be handled in a way that ensures their proper level of security and confidential handling in order to, among others, prevent unauthorized access to personal data and to the means of personal data management or their unauthorized use.

 

All reasonable steps have to be taken to correct or delete inaccurate personal data.

 

1 The legality of data management

 

The handling of personal data is legitimate if one of the following is met:

 

●     the person concerned has agreed to the handling of their personal data for one or more specific purposes;

 

●     the data processing is necessary for the performance of a contract in which the person concerned is involved, or it is necessary for taking action at the request of the person concerned prior to the conclusion of the contract;

 

●    data processing is necessary to fulfil the legal obligation for the data controller;

 

●     data processing is necessary for the protection of the vital interests of the person concerned or another natural person;

 

●     data processing is necessary for the performance of a task which is public interest or a task in the exercise of the public authority transferred to the data controller

 

●     data processing is necessary to enforce the legitimate interests of the data controller or a third party unless the interests or fundamental rights and freedoms of the person concerned have priority over these interests, which require the protection of personal data, especially if the person concerned is a child.

 

According to the above mentioned, data processing is considered legitimate if it is required under a contract or intention to conclude a contract.

In the activity of Netflorista Ltd., personal data are handled on the basis of voluntary contribution, statutory authorization or contract. As long as data management is based on voluntary consent, the persons concerned may withdraw their consent at any stage in the processing of data. In some cases, however, the management, storage or transmission of a particular set of data is made mandatory by law, of which we will notify you separately. We also call your attention to the fact that if you do not provide your own personal information, it is your duty as an informant to obtain the consent of the person concerned.

 

If the data is handled in compliance with the legal obligation of the data controller or if it is necessary to carry out a public interest task or to exercise public authority, the data processing has to have legal basis in Union law or in the law of a member state.  

 

Data management has to be considered lawful when it takes place in the interests of the life of the person concerned or of any other natural person mentioned above. Data management may, in principle, only take place with reference to another natural person's vital personal interests if the data processing in question cannot be carried out on another legal basis.

 

Some types of personal data management can serve both important public interests and the vital interests of the person concerned, for example in a case when data processing is necessary for humanitarian reasons, including the surveillance of epidemics and their spreads or humanitarian emergencies, in particular for natural or man-made disasters. 

 

A legitimate interest of the data controller - including the data controller with whom personal data may be shared - or of a third party may provide a legal basis for data management. Such a legitimate interest may, for example, be the case when there is a relevant and adequate relationship between the person concerned and the data controller, for example in such cases when the person concerned is a client of the data controller or employed by them.

 

The absolutely necessary handling of personal data to prevent fraud is also a legitimate interest of the data controller concerned. Handling personal data for direct business purposes can also be considered as based on legitimate interest.

 

To establish the existence of a legitimate interest, it has to be carefully considered, among other things, whether the person concerned can reasonably expect, at the time of and in relation to the collection of personal data, that data management can take place for that purpose. The interests and fundamental rights of the person concerned may have priority over the data controller's interest if the personal data is handled under conditions in which the person concerned does not expect further data management.

 

The following is a legitimate interest of the data controller concerned: public authorities, computer emergency response units, network security incident management units, operators and providers of electronic communications networks and services, as well as such extent of personal data management carried out by the safety technology service providers which is absolutely necessary and proportionate to ensure network and IT security.

 

The handling of personal data for purposes other than the original purpose of collecting is only permitted if the data management is compatible with the original purposes of data management for which the personal data were originally collected. In this case, there is no need for a separate legal basis other than the legal basis which allowed the collection of personal data. 

 

The handling of personal data by officially recognized religious organizations in order to achieve their objectives defined in constitutional law or international public law is considered to be of public interest.

 

1 Netflorista Ltd performs the following data management during its activities:

 

1 registration on netflorista.com website

 

Netflorista Ltd operates the netflorista.com web site. On the website, orders can also be made without registration, when registering, however, the system saves user data to facilitate subsequent orders.

 

The purpose of data management is: to store customer data on the netflorista.com website and to subscribe the person concerned to a newsletter. The purpose of data management is also to inform the persons concerned about future actions and novelties.

 

The purpose of data management is therefore: the performance and fulfilment of a contract for access to content provided by the data controller, that is to say, the persons concerned are informed all-time on the contract between the person concerned and the data controller, provision of services to the person concerned, verification of contractual obligations and entitlements, communication and tracking the services that are used so.

 

Legal basis for data handling: the consent of the person concerned, and its fulfilment according to point a) par. (1), article 6 of the GDPR.

 

Scope of managed data: name, e-mail address, phone number, password

 

Deadline for deletion of the data:

 

●     if the services provided in this section are terminated and they will not be provided by the data controller on a permanent basis because they cease to do so, and thus the personal data handled under this point is no longer needed, then (3) months after termination

 

●     if the person concerned withdraws their consent for the handling of their personal data under this point then within eight (8) business days after the receipt of a written request, including a request transmitted electronically

 

 

●     if the person concerned objects to the handling of their personal data under this point then within eight (8) business days after the receipt of a written request, including a request transmitted electronically

 

●     in other cases, referred to in Article 17 of the GDPR, within 8 (eight) business days after their occurrence

 

Possible consequences of not delivering data: the persons concerned will not be informed about future actions or novelties.

 

Data transmission: in this case it will not happen.

 

1 mediating the sales of flowers, souvenirs and other similar products

 

The netflorista.com web site has been created so that different traders sell products such as flowers, gifts, etc., to users as persons concerned. These products may be purchased from the individual traders, and then delivered to the persons concerned after they are purchased via the Internet. In doing so, the persons concerned can give their own data, or the data of the recipient of the gift to whom the gift is sent. The persons concerned give the data on the netflorista.com web site; the Data Manager stores them and delivers them to the trader's flower / gift shop in order to fulfil the orders.

The purpose of data management: fulfilment of the contract for the mediation of products offered on the netflorista.com website, that is to say, to link the person concerned and the given trader, whom they ordered from, so that the trader shall provide services under the contract concluded between them. The verification of contractual obligations and entitlements, communication and tracking the services that are used so.

 

Legal basis for data handling: the conclusion of a contract between the person concerned and the data controller and its fulfilment according to point a) par. (1), article 6 of the GDPR.

 

Scope of managed data: name, address (street, number, floor, door number) e-mail address, phone number, password, name of the addressee (street, number, floor, door number) their phone number.

 

Deadline for deletion of the data:

●     1 year after the purchase of the services offered by traders, taking into account the time required for handling objections or complaints.

 

●     if the person concerned withdraws their consent to the processing of their personal data under this point then within eight (8) business days after the receipt of a written request, including a request transmitted electronically

 

●    if the person concerned objects to the handling of their personal data under this point then within eight (8) business days after the receipt of a written request, including a request transmitted electronically

●     in other cases, referred to in Article 17 of the GDPR, within 8 (eight) business days after their occurrence

 

 

Data transmission: the data controller declares that the personal data of the person concerned or of the recipient will be forwarded to the selected trader in order to complete the order. They also draw attention to the fact that, in the course of the purchase process, payment can be made through a web interface with a credit card, in which case the person concerned will be redirected to the interface of the financial institution provider, where the person concerned has to provide additional information for the payment. However, this constitutes neither data management nor data transmission on the side of the data handler, since these financial data will not be in the possession of the data controller at all; the person concerned gives them on an external, independent site. This data management is governed by the rules of the service provider, Barion Payment Ltd.

 

If they do not provide their own personal information it is the duty of the data supplier to obtain the consent of the person concerned.

 

Possible consequences of not delivering data: the lack of the services indicated at the purpose of data processing and of the provision of services by individual traders; in this case there is no contract between the data controller and the data subject, nor between the given trader and the person concerned, to provide and fulfil the services indicated above, and the person concerned cannot purchase the products marked at the purposes of data management.

 

1 the actual sale of flowers, souvenirs and other similar products

 

As the products on the netflorista.com internet web site are purchased by the persons concerned from each trader, data of the persons concerned will be forwarded by the Data Manager to the trader of the selected product. In doing so, the data subjects can enter their own data, or the data of the recipient of the gift to whom the gift is sent. The data are provided by the persons concerned on the netflorista.com web site; the Data Manager stores them and delivers them to the trader's flower / gift shop in order to fulfil the orders.

 

The purpose of data management: fulfilment of the contract for the purchase of products offered on the netflorista.com website so that the trader shall provide services under the contract concluded between them. The verification of contractual obligations and entitlements, communication and tracking the services that are used so.

 

Legal basis for data handling: the conclusion of a contract between the person concerned and the data controller and its fulfilment according to point a) par. (1), article 6 of the GDPR.

 

Scope of managed data: name, address (street, number, floor, door number) e-mail address, phone number, password, name of the recipient (street, number, floor, door number) their phone number.

 

Deadline for deletion of the data:

  • 1 year after the purchase of the services offered by traders, taking into account the time required for handling objections or complaints.
  • If the person concerned withdraws their consent to the processing of their personal data under this point then within eight (8) business days after the receipt of a written request, including a request transmitted electronically
  • if the person concerned objects to the handling of their personal data under this point then within eight (8) business days after the receipt of a written request, including a request transmitted electronically
  • in other cases, referred to in Article 17 of the GDPR, within 8 (eight) business days after their occurrence

 

 

Data transmission: the data controller declares that the personal data of the person concerned or of the recipient will be forwarded to the selected trader in order to complete the order. They also draw attention to the fact that, in the course of the purchase process, payment can be made through a web interface with a credit card, in which case the person concerned will be redirected to the interface of the financial institution provider, where the person concerned has to provide additional information for the payment. However, this constitutes neither data management nor data transmission on the side of the data handler, since these financial data will not be in the possession of the data controller at all; the person concerned gives them on an external, independent site. This data management is governed by the rules of the service provider, Barion Payment Ltd.

If they do not provide their own personal information it is the duty of the data supplier to obtain the consent of the person concerned.

 

Possible consequences of not delivering data: the lack of the services indicated at the purpose of data processing and of the provision of services by individual traders; in this case there is no contract between the data controller and the person concerned, nor between the given trader and the person concerned, to provide and fulfil the services indicated above, and the person concerned cannot purchase the products marked at the purposes of data management.

 

1 logging of the netflorista.com server

 

When visiting netflorista.com web site, the web server does not record user data.

 

 

1 the cookie management of netflorista.com website 

 

The data controller places a so-called anonymous user identifier (cookie) on the computer of the person concerned, which is only suitable for detecting the machine of the person concerned. A name, e-mail address or any other personal information is not required, since when the solution is applied the person concerned does not transfer personal data to the data controller; the data exchange happens only and exclusively between the machines. The service provider operating the cookie is able to link the current visit of the person concerned to the previous ones, but only regarding the own content of the data controller.

 

The data handler manages the cookies for the purpose of learning more about the information usage habits of the persons concerned and thus improving the quality of their services. The person concerned has the opportunity to prohibit the insertion of individual identification (cookie) on their computer. The person concerned notes that some services will not work properly when cookies are disabled.

 

The purpose of data management: identifying, distinguishing between the persons concerned, identifying the current session of the person concerned.

 

Legal basis for data handling: consent of the person concerned according to point a) par. (1), article 6 of the GDPR.

 

The circle of data processed: identification number, date, time, and the page visited before

 

Duration of data handling: the cookies will live until the browser closes, but the user can also change this in the settings.

 

Possible consequences of not delivering data: the services of netflorista.com web site may not be fully used. 

 

1 The use of remarketing codes

 

The data manager uses Google Ads and Facebook remarketing codes on the netflorista.com website. The remarketing code uses cookies to tag visitors of the website. The cookie installed helps to show ads for the products and services of the data manager on other websites - visited later by the visitors of the website -, belonging to the Google Display network or on Facebook. The person concerned may disable cookies at any time and personalize the ads on the Google advertising settings interface. The user of the website's services acknowledges that they have given their consent to the processing of their data through Google and Facebook by using the website.

 

The purpose of data management: identifying, distinguishing between the persons concerned, identifying the current session of the person concerned, storing the data provided during that process, tracking users, web analytical measurements.

 

Legal basis for data handling: consent of the person concerned according to point a) par. (1), article 6 of the GDPR.

 

Data Processor: Google Inc. operating Google Analytics software, and the provider of Facebook.

 

The circle of data processed: identification number, date, time, and the page visited before

 

Duration of data handling: as defined in the Google Inc. Privacy Policy and in the Facebook Ireland Ltd. Privacy Policy, which can be accessed on the https://policies.google.com/privacy or https://www.facebook.com/policy.php pages

 

Possible consequences of not delivering data: the services of netflorista.com web site may not be fully used; non-targeted ads will appear to the user.

 

1 The customer correspondence of Netflorista Ltd

 

If the person concerned contacts the representatives of Netflorista Ltd. by e-mail, then the data handler will delete the e-mail together with the sender's name and e-mail address (or any other data regarding the email sent: date, time of transmission, etc.) after five (5) years from the date of disclosure, on the basis of the general limitation period.

 

1 Other data management

 

In addition to the data handling listed in this data handling notice, the data controller may also perform other data handling on a case-by-case basis. Information on such cases and their circumstances is always provided by the data controller at the time of recording the given data. In addition, the data controller may be required to provide data in a specified circle, at the request of certain authorities and official bodies, provided that the given authority has indicated the exact purpose and scope of the data and if the data is indispensably necessary for the purpose of the request.

 

1 Consent of the person concerned, conditions

 

If data management is based on a consent, the data controller has to be able to demonstrate that the person concerned consented to the handling of their data.

 

If the person concerned gives his consent in the form of a written statement which also applies to other cases, the request for consent must be communicated in a clearly distinct manner from these other cases.

 

The person concerned has the right to withdraw their consent at any time. Withdrawal of the consent shall not affect the legality of the data handling prior to the withdrawal based on the consent. Before consent is given, the person concerned has to be informed about this. The withdrawal of the consent has to be allowed in the same simple way as the giving of it.

 

In determining whether the consent is voluntary, the fact has to be taken into account to the greatest possible extent, among other things, whether the performance of the contract - including the provision of services too - was made conditional on consent to the management of such personal data which are not necessary for the performance of the contract.

 

For services offered directly to children relating to information society, the processing of personal data is lawful if the child has reached the age of 16. For children under 16 years of age, the handling of the personal data of children is legitimate only if and to the extent that the consent was given or allowed by the person who practices the parental supervision over the child.

The handling of the following data is forbidden: personal data referring to racial or ethnic origin, political opinions, religious or world view convictions or trade unions, as well as genetic and biometric data for the unique identification of natural persons, health data and personal data relating to the sex life or sexual orientation of natural persons, except if the person concerned has expressly agreed to the handling of such personal data for one or more specific purposes.

 

The processing of personal data relating to decisions on the determination of criminal liability and to criminal offenses or related security measures may only take place if it happens in the data management of the public authority.

 

1 Non-authenticated data management

 

If the purposes for which the data controller handles personal data do not require or no longer require the data controller to identify the person concerned, the data controller is not required to retain additional information.

 

If the data controller can prove that they are not in the position to identify the person concerned, they shall, as far as possible, inform them accordingly.

 

1 The tasks of the data controller

 

The Data Controller is obliged to take appropriate and effective measures and to be able to justify that the data management activities are in compliance with the laws in force.

 

The data controller performs the appropriate technical and organizational measures taking into account the nature, scope, circumstances and purposes of data handling and the risk of varying probabilities and seriousness to natural persons' rights and freedoms.

 

The data controller shall keep a proper record of the data management activities carried out under their competence. The data controller shall cooperate with the supervisory authority and make such registers available on request to control the data management operations involved.

 

1 The rights of the persons concerned

 

The principle of fair and transparent data management requires that the concerned person is informed of the facts and purposes of the data handling.

 

When personal information is collected from the person concerned, the person concerned also has to be informed whether they are obliged to communicate personal data and what consequences the lack of data provision brings.

 

Information related to the management of personal data concerning the data subject has to be provided to the person concerned at the time of data collection, or if the data were collected from other sources rather than the person concerned, taking into account the circumstances of the case, it shall be made available within a reasonable time.

 

The persons concerned may later require information on the full management of their personal data as detailed below. Netflorista Ltd will do its best to provide all information in a concise, transparent, understandable and comprehensible, easily accessible form, in a clear manner for the persons concerned according to Articles 13 and 14, Articles 15 to 22 and Article 34 of the GDPR. The data controller declares that he does not perform profiling or automated decision making activities. The rights of persons affected are as follows:

 

The right to information

 

Any person may ask for information, via the contact details provided below, about which of their data the organization handles and stores, on what legal basis, for what data management purpose, from what source and for how long. Furthermore, they may ask whether the data has been or will be communicated to another person. The person concerned may also request relevant information about the data sources, the fact of automated decision-making and profiling, the significance of such data management and its likely consequences for the person concerned. In the case of data transfer to a third country or to an international organization, information may be requested on the appropriate guarantees regarding the transfer. At their request, the information has to be sent electronically to the provided contact details promptly, but not later than within 30 days. The person concerned is entitled to request a copy of the data that is the subject of the data processing, for which copies the data controller may charge a fee corresponding to the administrative costs.

 

The right of correction 

 

Any person can request the modification of any of their data via the contact details provided below. Upon request, action has to be taken without delay, but within 30 days at the most, and information has to be sent to the provided contact details.

 

The right to cancel

 

Any person can request the cancellation of their data through the specified contact information if one of the following cases occurs:

●    the personal data is no longer needed for the purpose which they were collected for or otherwise handled

●    the person concerned withdraws their consent which is the basis for the data handling and there is no other legal basis for data handling

●    the person concerned objects to data handling and there is no prior legitimate reason for data handling

●     the personal data were unlawfully handled

●     the personal data have to be deleted for the data handler's legal obligation under the law of the Union or of a Member State to fulfil them

●     the collection of personal data was made with the offering of information society services

 

At their request, this must be done promptly, but not later than within 30 days, and information has to be sent to the provided contact details. The deletion of data cannot be initiated if data processing is required under Article 17 (3) of the GDPR.

 

The right to restrict data management

 

Any person may request the restriction of their data through the specified contact information if one of the conditions set out in Article 18 of the GDPR is met. The restriction lasts as long as the indicated reason necessitates limiting the data. The data controller shall inform the person concerned in advance of the discontinuation of the restriction. The request has to be dealt with immediately, but not later than within 30 days, and information has to be sent to the given contact details.

 

The right to data portability

 

The person concerned has the right to receive their personal data handled by the data handler electronically in a structured, machine-readable format, and to forward this data to another data handler. The request has to be fulfilled immediately, but not later than within 30 days, and information has to be sent to the given contact details.

 

The right to protest

 

Any person may object to data handling through the specified contact details. The protest has to be examined within the shortest possible time, but not later than 15 days after the submission of the application. A decision has to be made on the merits of its validity and information on the decision has to be sent to the given contact. If the personal data is handled for direct business purposes, the person concerned has the right to protest at any time against the handling of their personal data relating to this purpose.

 

The right of withdrawal:

 

The person concerned has the right to withdraw their consent at any time. The withdrawal of the consent shall not affect the lawfulness of the data handling based on the consent prior to the withdrawal.

 

1 Procedure, legal remedies

 

The person concerned can exercise these rights by sending a request by e-mail to the data manager at the info@netflorista.com e-mail address. The data controller shall inform the person concerned without undue delay, but no later than 30 (thirty) calendar days after the receipt of the request. If necessary, taking into account the complexity of the request and the number of requests, this deadline may be extended by another two months.

 

If the data controller fails to take measures on the basis of the request of the person concerned within the deadline specified above, they are obliged to inform the person concerned, within a period of one month from the receipt of the request, about the reasons for the failure to act, and that the person concerned may file a complaint with a supervisory authority and may exercise their right of legal remedy as follows.

 

Law enforcement related to data management

 

National Authority for Data Protection and Freedom of Information

Postal address: 1530 Budapest, Pf.: 5.

Address: 22/c Szilágyi Erzsébet fasor Budapest, 1125

Phone: +36 (1) 391-1400

Fax: +36 (1) 391-1410

E-mail: ugyfelszolgalat (at) naih.hu

URL https://naih.hu 

 

In case of a breach of their rights, the person concerned may turn to the court. The court proceeds in the case out of turn. The person concerned can, according to their choice, initiate the lawsuit before the competent court of their place of residence or home.

 

Any person who has suffered material or non-material damage in the event of a breach of the GDPR is entitled to compensation from the data controller or the data processor. The data processor shall only be liable for any damage caused unlawfully by the data controller if they have not complied with the obligations imposed on them by law, or if the legitimate instructions of the data controller have been ignored, or they acted contrary to them. In the case of several data controllers or data processors, the liability is borne jointly. The data controller or the data processor shall be exempt from liability if they prove that they are in no way responsible for the incident causing the damage.

 

1 The data controller's duties for proper data protection

 

●     The purpose, and criteria of data management and the concept of personal data management has to be reviewed. Legitimate data handling and data processing has to be ensured in accordance with the data handling information.

 

●     Properly informing the person concerned in the data handling. It should be noted that, if the data management is based on the consent of the person concerned, in case of doubt the data controller has to demonstrate that the person concerned has consented to the processing of data.

 

●     The information provided to the person concerned has to be concise, easily accessible and easy to understand, therefore it has to be formulated and displayed in a clear and understandable language.

●    The requirement for transparent data management is to inform the person concerned of the facts and purposes of the data handling. The information has to be provided prior to the processing of data, and the right to information is granted to the person concerned while the data is processed until it is terminated.

 

●    It has to be revealed unambiguously from the consent of the person concerned that the person concerned agrees to the data handling. If data management is based on the consent of the person concerned, in case of doubt, the data controller has to prove that the person concerned consented to the data handling operation.

 

●     In the case of personal data processing for children, particular attention has to be paid to compliance with the data management rules. For information society services offered directly to children, the processing of personal data is lawful if the child has reached the age of 16. For children under 16 years of age, the handling of the child's personal data is legitimate only if, and to the extent that, the consent was given or allowed by the person who exercises parental supervision over the child.

 

●     In the event of the unauthorized handling or processing of personal data, there is a reporting obligation to the supervisory authority. The data controller shall make the notification to the supervisory authority without undue delay, if possible, 72 hours at the latest after the privacy incident has come to light, unless the privacy incident is unlikely to pose a risk to the rights of the natural person.

 

●    In some cases, the data controller may have to carry out a data protection impact assessment prior to data processing. During the impact assessment it has to be examined how the planned data management operations affect the protection of personal data. If the data protection impact assessment establishes that the data management is likely to pose a high risk, the data controller has to consult the supervisory authority prior to the handling of personal data.

 

●     In case the main activities involve data management operations which, by their nature, scope or purpose, require a regular and systematic, massive monitoring of the persons concerned, a data protection officer should be appointed. The appointment of the data protection officer is aimed at strengthening data security. The data controller does not currently employ a data protection officer.

 

1 Data Security

 

The data controller protects the data with the appropriate measures, especially against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental annihilation and damage or the inaccessibility coming from the change of technology used. 

 

An adequate technical solution is provided to protect electronically managed files in the records so that the data stored in the registers shall not be directly accessible to outsiders.

 

The computer systems and other data retention locations of the data handler can be found at their data processor, that is their hosting provider.

Hosting Provider: Digital Ocean LLC. (seat: 101 Avenue of the Americas, 10th Floor, New York, NY 10013; contact: www.digitalocean.com)

 

Netflorista Ltd selects and operates the IT tools used to manage personal data in the provision of the service in such a way that the handled data is:

 

1 accessible to those entitled (availability)

2 its credibility and authentication is ensured (authenticity of data management)

3 its fixedness can be verified (data integrity)

4 protected against unauthorized access (confidentiality of data).

 

Netflorista Ltd, in view of the state of the art, provides technical and organizational measures to protect data security, which provide a level of protection that meets the risks associated with data management.

 

Netflorista Ltd keeps confidentiality during data management:

 

●     protects the information so that it can only be accessed by those who are entitled to it,

●     preserves integrity: it protects the accuracy and completeness of the information and processing method,

●     keeps the availability: it ensures that when the eligible user needs it, they really have access to the information they need and the tools are available to this

 

Netflorista Ltd.’s IT system and network are both protected against all kinds of impacts and attacks. However, we inform the persons concerned that messages transmitted over the Internet are vulnerable to network threats regardless of the protocol (e-mail, web, ftp, etc.), which lead to unfair business activity, contract disputes, or the disclosure or modification of information. To protect against such threats, the data controller will take all the precautionary measures that may be required of them.

 

1 Privacy incident

 

The privacy incident is a security breach which results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled.

 

The privacy incident without adequate and timely action can cause physical, financial or non-material damages to natural persons, including the loss of provision of their personal data or the restriction of their rights, discrimination, identity theft or identity abuse.

 

The privacy incident has to be reported to the competent supervisory authority without undue delay, within 72 hours at the latest, unless it can be demonstrated in accordance with the principle of accountability that the privacy incident is unlikely to pose a risk to the rights and freedoms of natural persons.

 

The person concerned shall be informed without delay if the privacy incident is likely to pose a high risk to the rights and freedoms of a natural person, in order that they can take the necessary precautions.

 

Legislation underlying data management

 

 

●     The regulation No 2016/679 of the European Parliament and the Council (EU) (27 April 2016) on the protection of natural persons with regard to the processing of personal data and the free flow of such data, and the repealing regulation No 95/46/EK (General Data Protection Regulation or GDPR).

 

●    2011 CXII. law on information self-determination and freedom of information (Infotv.).

 

●     Act LXVI of 1995 on public documents, public archives and the protection of private archives material.

 

●     Government decree 335/2005 (XII.29.) on the general requirements for document handling of public service bodies.

 

●    the law of 2001/CVII about certain questions of the electronic commerce services and the services in connection with information society (Ektv.tv)

 

●     Act C of 2003 on Electronic Communications.

 

●     The Act V of 2013 on the Civil Code (Ptk.)

 

 

●     The Act of CXXXVI of 2007 on the prevention and control of money laundering and terrorist financing (Pmt.)

 

●     The Act XLVIII of 2008 on the fundamental terms and limitations of economic advertising activity. („Grt. tv.”)
