Data processing information
1. MENS MENTIS HUNGARY Limited Liability Company
2. Abbreviated name: 3. MENS MENTIS HUNGARY LLC.
4. Company registration number: 09 09 017147
5. Tax number: 14809503209
6. Headquarters: 7. Hungary, 4110 Biharkeresztes, Szacsvay utca 4/b.
8. Place of business activity: 7. Hungary, 4110 Biharkeresztes, Szacsvay utca 4/b.
9. Mailing address: 7. Hungary, 4110 Biharkeresztes, Szacsvay utca 4/b.
10. Phone: 11. (phone number not provided)
12. Email address: [email protected]
14. 2. Legislation regarding data processing, scope of the information
15. 2.1. The Data Controller primarily processes the Users' data
16. – REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation); (hereinafter: GDPR)
17. – and the provisions of Act CVIII of 2001 on certain issues of electronic commerce services and information society services.
manages according to its provisions.
19. 2.2. The scope of this information pertains to the use of the www.gabler-mirelta.hu website (hereinafter: website) and the data processing related to the use of the services available there.
20. 2.3. For the purposes of this information, User: natural persons browsing the website, using the services of the website, and ordering products from the Data Controller.
3. The legal basis for data processing
3.1. The legal basis for data processing carried out by the Data Controller regarding certain data processing activities is, according to Article 6(1)(a) of the GDPR, the User's consent, and regarding data processing related to orders, it is Article 6(1)(b) of the GDPR, which states that the data processing is necessary for the performance of a contract in which the User is one of the parties.
3.2. In the case of data processing based on consent, the User provides their consent by checking the checkbox placed before the data processing statement in the relevant locations. The User can read the data processing information at any time by clicking on the „Data Processing Information” label appearing at the bottom of every page of the website, or by clicking on the link marked with the text „Data Processing Information” in the data processing statement mentioned in this point, which ensures the User's clear and detailed prior information. By checking the checkbox before the data processing statement, the User declares that they have read the data processing information and, knowing its content, consent to the processing of their data as described in this information.
3.3. In certain cases, legislation obliges the Data Controller to carry out certain data processing operations, and there may also be a legitimate interest as a legal basis for data processing. The User can read more about these in detail below in the chapters concerning individual data processing activities.
4. Data processing related to the operation of information technology services
4.1. The Data Controller uses cookies for the operation of the website and for collecting technical data related to the visitors of the website.
4.2. The Data Controller provides a separate information notice regarding data processing carried out by cookies: Data Processing Information on the use of cookies.
5. Data processing related to receiving and responding to messages
5.1. The scope of the data subjects: Users sending messages to the Data Controller using the message sending form available under the „Contact” menu of the website, or via email using the email address(es) indicated on the website.
5.2. The legal basis for data processing: the User's consent according to Article 6(1)(a) of the GDPR. The User provides consent in the case of the message sending form by checking the statement that can be checked there, and in the case of email by sending it.
The User has the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of data processing based on consent prior to withdrawal. If the User withdraws their consent before the message is answered, the Data Controller will not continue the correspondence, will not respond to previously asked questions, as they must delete the data processed based on consent.
5.3. Definition of the scope of processed data:
The User sending the message:
– name,
– email address,
– the content of the message.
5.4. The purpose of data processing: to enable communication with the Data Controller for the User.
Related services:
– receiving messages sent via email (using the email address indicated on the website),
– responding to messages received by the Data Controller in the above manner.
5.5. Duration of data processing: It lasts until the message is answered or the User's request is fulfilled. The Data Controller deletes the data processed for this purpose after answering the message/fulfilling the request. If multiple related messages are exchanged for information exchange, the Data Controller deletes the data after the information exchange is completed or after fulfilling the request.
If a contract is concluded as a result of the message exchange, and the content of the messages is essential for the contract, then the legal basis and duration of data processing will be determined according to the provisions in point 7 (data processing related to the order).
5.6. Method of data storage: In a separate data file within the Data Controller's IT system.
6. Data processing related to newsletter sending
6.1. The data subjects: Users who subscribe to the newsletter by filling out the fields for ”Newsletter” subscription on the website and checking the consent statement, or by checking the statement regarding subscription during the order process.
6.2. Legal basis for data processing: the User's consent according to Article 6(1)(a) of the GDPR and Sections 1 and 2 of the Grt. The voluntary consent is given by the User by checking the checkbox before the subscription statement after filling out the fields for newsletter subscription.
The User has the right to withdraw their consent at any time. The withdrawal of consent does not affect the legality of data processing based on consent prior to withdrawal.
The newsletter service aims to send useful information as well as direct business acquisition by the Data Controller. Users can subscribe to this service independently of other services. The use of this service is voluntary and based on the User's decision made after proper information. If the User does not use the newsletter service, it does not result in any disadvantage regarding the use of the website and the use of other services. The Data Controller does not make the use of its service aimed at direct business acquisition a condition for using any other service.
6.3. Definition of the scope of processed data:
- first name,
- email address.
6.4. Purpose of data processing: sending newsletters to the User by the Data Controller via email. Sending newsletters means sending information about the Data Controller's services, news, and current events, attention-grabbing offers, advertising content, and sales-promoting materials.
6.5. Duration of data processing: The Data Controller processes the data handled for the purpose of sending newsletters until the User withdraws their consent regarding this (until unsubscribing) or until the data is deleted at the User's request.
6.6. Method of data storage: In a separate data file within the Data Controller's IT system.
7. Data processing related to consumer complaints
7.1. Scope of data subjects: Users reporting consumer complaints.
7.2. Legal basis for data processing: the legal basis for data processing is necessary for the fulfillment of a legal obligation according to Article 6(1)(c) of the GDPR; the Data Controller's fulfillment of legal obligations related to the handling of complaints as defined in Section 17/A of the Fgytv.
7.3. Scope of processed data:
The complaining User:
- last name,
– first name,
– address,
– place, time, and manner of submitting the complaint,
– detailed description of the complaint,
– what the User has stated in the complaint; any personal data that the User brings to the attention of the Data Controller in connection with the complaint,
– personal data contained in any documents, records, and other evidence that the User may present,
– place and time of recording the minutes of the complaint,
– signature of the User in case of a written complaint,
– email address of the User in case of a complaint sent via email,
– unique identification number of the complaint and the User's phone number in case of a verbal complaint communicated by phone or other electronic communication service,
– possibly the identifier of the order or other transaction related to the complaint and information regarding its fulfillment.
The Data Controller does not record phone calls on audio tape.
7.4. Source of the data: the data is provided by the User to the Data Controller in their complaint. Investigating the complaint may necessitate processing data related to the User's previous order submitted to the Data Controller. The Data Controller does not obtain the User's data from any other (external) source.
7.5. Purpose of data processing: investigation and response to the complaint submitted by the User; fulfilling the legal obligations set forth in Section 17/A of the Fgytv.
The purpose of processing the User's personal identification data is to identify the User, which is necessary for investigating and responding to their complaint.
Information containing personal data presented by the User in their complaint, as well as data related to any previous order possibly involved in the complaint, will be used for the substantive investigation and response to the complaint, provided that they are necessary for this.
The User's name and address will be used for addressing postal correspondence in the event that the minutes recorded about the complaint or the response to the complaint is sent by the Data Controller in writing by post.
The User's name and email address may be used for communication via electronic mail (if necessary for investigating the complaint) and for responding to their complaint via email.
7.6. Duration of data processing: The Data Controller will retain the minutes recorded about the complaint, as well as the submitted document in case of a written complaint and the response to the complaint for three years in accordance with Section 17/A (7) of the Fgytv., after which it will be destroyed.
If the submitted claim is not considered a complaint, the Data Controller will delete the data one month after the closure of communication related to the claim.
If the notification is not considered a complaint, but relates to a specific transaction concerning the Data Controller's performance and is relevant in this regard, the Data Controller will manage it until the expiration of the limitation period for claims arising from the contractual relationship – which is generally 5 years from the due date of the claim – after which the data will be deleted.
7.7. Method of data storage: The Data Controller stores data in a separate data file within its IT system, possibly on paper depending on the method of submission, in the minutes taken regarding the complaint, and in the document containing the response to the complaint.
8. Use of data processor
The Data Controller engages the following business organizations as data processors.
8.1. Hosting service provider
8.1.1. Scope of data subjects affected by data processing: Users visiting the website, regardless of their use of the services provided by the website.
8.1.2. The Data Controller engages the
Versanus Informatikai és Szolgáltató Korlátolt Felelősségű Társaság as a data processor
Short name: Versanus Kft.
Company registration number: 01 09 738703
8.2. Website developer
8.2.1. Scope of those affected by data processing: Users visiting the website, regardless of their use of the services provided by the website.
8.2.2. Data controller engages as a data processor
Aut O
8.3. Data processing related to newsletter sending
8.3.1. Scope of those affected by data processing: Users subscribing to the newsletter on the website, regardless of their use of other services provided by the website.
8.3.2. Data controller engages as a data processor the
THE ROCKET SCIENCE GROUP LLC (MailChimp)
Short name: THE ROCKET SCIENCE GROUP LLC
Company registration number: 20161685162
Tax number: 20161685162
Headquarters: 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USA
Branch: 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USA
Mailing address: 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USA
Phone: +1 678 999 0141
Email: [email protected]
Website: https://mailchimp.com/
economic association, as the developer and maintainer of the newsletter sending software used by the Data Controller (hereinafter: Data Processor).
8.3.3. Definition of the scope of data affected by data processing: Data processing concerns the name and email address of the User subscribing to the newsletter.
8.3.4. Purpose of data processing: Ensuring the operation of the software used by the Data Controller for sending newsletters in an information technology sense, through data processing manifested in the technical operations necessary for the secure operation of the software.
8.3.5. Duration of data processing: Until the User withdraws their consent for newsletter sending (unsubscribes), or until the data is deleted at the User's request.
8.3.6. Data processing only involves the technical operations necessary for the IT operation of the newsletter sending software.
9. User rights related to data processing
9.1. Right of access: At the User's request, the Data Controller provides information about the data processed by the User, or processed by the Data Processor appointed by them or at their direction, its source, the purpose of data processing, its legal basis, duration, the name and address of the Data Processor, and the activities related to data processing, as well as the circumstances, effects, and measures taken to mitigate any data protection incidents that may have occurred, and – in the case of the transfer of personal data of the data subject – the legal basis and recipient of the data transfer. The information will be provided by the Data Controller without undue delay, but no later than within one month from the receipt of the request.
Within the framework of the right of access, the Data Controller provides the User with a copy of the personal data subject to data processing no later than within one month from the receipt of the request. For additional copies requested by the User, the Data Controller may charge a reasonable fee based on administrative costs (according to point 15).
9.2. Right to data portability: The User has the right to receive the personal data concerning them, provided to the Data Controller, in a structured, commonly used, machine-readable format, and has the right to transmit this data to another data controller without hindrance from the data controller to whom the personal data was provided, if:
a) data processing is based on the User's consent or contract; and
b) data processing is carried out in an automated manner.
In exercising the right to data portability as mentioned above, the User is entitled to request the direct transfer of personal data between data controllers, if technically feasible.
9.3. The right to rectification: The User may request the rectification of their processed data, which the Data Controller shall fulfill without undue delay, but no later than one month from the receipt of the request. Considering the purpose of data processing, the User is entitled to request the completion of incomplete personal data – among other things, by means of a supplementary statement.
9.4. The right to restriction of processing: The Data Controller marks the personal data it processes for the purpose of restricting processing. The User is entitled to request the Data Controller to restrict processing if any of the following applies:
a) the User contests the accuracy of the personal data, in which case the restriction applies for the period that allows the Data Controller to verify the accuracy of the personal data;
b) the processing is unlawful, and the User opposes the deletion of the data and instead requests the restriction of its use;
c) the Data Controller no longer needs the personal data for processing purposes, but the data subject requires them for the establishment, exercise, or defense of legal claims; or
d) the User has objected to the processing based on the legitimate interests of the Data Controller; in this case, the restriction applies for the period until it is determined whether the legitimate grounds of the Data Controller override those of the data subject.
9.5. The right to erasure: The Data Controller shall delete the personal data if:
a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
b) the User withdraws the consent on which the processing is based, and there is no other legal ground for the processing;
c) the User objects to the processing, and there are no overriding legitimate grounds for the processing, or the User objects to the processing of personal data for direct marketing purposes;
d) the personal data have been processed unlawfully;
e) the personal data must be deleted to comply with a legal obligation under Union or Member State law applicable to the Data Controller;
f) the User requests deletion, or objects to the processing, and the personal data were collected in relation to the offering of information society services directly to children.
The Data Controller shall inform the affected User, as well as all data controllers to whom the data have been previously disclosed, about the rectification, restriction, and deletion. Notification may be omitted if it proves impossible or requires disproportionate effort. At the User's request, the Data Controller shall inform them of these recipients.
9.6. The right to object: 1. The User is entitled to object at any time to the processing of their personal data based on the legitimate interest of the Data Controller for reasons related to their own situation. In this case, the data controller may not continue to process the personal data unless the data controller demonstrates that the processing is justified by compelling legitimate grounds which override the interests, rights, and freedoms of the data subject, or which relate to the establishment, exercise, or defense of legal claims.
10. 2. Fulfillment of User requests
3. 10.1. The Data Controller provides the information and measures specified in point 14 free of charge. If the request of the affected User is clearly unfounded or, particularly due to its repetitive nature, excessive, the Data Controller, taking into account the administrative costs associated with providing the requested information or notification or taking the requested action:
4. a) may charge a reasonable fee, or
5. b) may refuse to act on the request.
6. 10.2. The Data Controller shall inform the User of the measures taken in response to the request without undue delay, but no later than within one month of the receipt of the request, including the issuance of data copies. If necessary, taking into account the complexity of the request and the number of requests, this deadline may be extended by an additional two months. The Data Controller shall inform the User of the extension of the deadline, indicating the reasons for the delay, within one month of the receipt of the request. If the affected User submitted the request electronically, the Data Controller shall provide the information electronically, unless the affected User requests otherwise.
7. 10.3. If the Data Controller does not take action in response to the request of the affected User, it shall inform the affected party without undue delay, but no later than within one month of the receipt of the request, of the reasons for the inaction, as well as that the affected User may lodge a complaint with the supervisory authority specified in point 17, and may exercise their right to judicial remedy as stated therein.
8. 10.4. The User may submit their requests to the Data Controller in any way that allows for their identification. Identification of the User submitting the request is necessary because the Data Controller can only fulfill requests from authorized individuals. If the Data Controller has reasonable doubts about the identity of the natural person submitting the request, it may request additional information necessary to confirm the identity of the affected User.
9. 10.5. The User may send their requests by post to the address of the Data Controller, or by email to the email address. The Data Controller will only consider requests sent by email as authentic if they are sent from the email address provided by the User and registered with the Data Controller, while using another email address does not mean that the request will be disregarded. In the case of email, the time of receipt shall be considered the first working day following the sending. [email protected] 10. Data protection, data security.
11. 11. 11.1. The Data Controller ensures the security of the data in the course of its data processing and data handling activities, implementing technical and organizational measures as well as internal procedural rules to enforce the laws and other data and confidentiality protection regulations. It protects the processed data against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as against accidental destruction and damage, and against becoming inaccessible due to changes in the applied technology with appropriate measures.
12. 11.2. The data underlying the measurement of traffic and the mapping of website usage habits are recorded by the Data Controller's IT system in such a way that they cannot be directly linked to any individual from the outset.
13. 11.3. Data processing is carried out only for the purposes defined in this notice and for lawful purposes, to the extent necessary and proportionate, based on the relevant laws and recommendations, with appropriate security measures.
14. 11.4. To this end, the Data Controller uses the "https" scheme of the http protocol to access the website, which allows web communication to be encrypted and uniquely identified. In addition, in accordance with the above, the Data Controller stores the processed data in the form of protected data files, separated by data processing purpose, to which employees of the Data Controller performing tasks related to the activities specified in this notice have access, whose job responsibility is to protect the data and to handle this notice and the relevant laws responsibly. The Data Controller enters into a mandatory data processing agreement with the data processors it engages to ensure compliance with the relevant laws and to guarantee an adequate level of data security.
15. Enforcement of rights.
12. 16. Data subjects may exercise their rights before a court and may also turn to the National Authority for Data Protection and Freedom of Information:
17. National Authority for Data Protection and Freedom of Information
18. Address: 1055 Budapest, Falk Miksa utca 9-11.
19. Mailing address: 1363 Budapest, Pf. 9.
Mailing address: 1363 Budapest, P.O. Box 9.
Phone: +36 1 391 1400
Fax: +36 1 391 1410
E-mail: [email protected]
Website: http://www.naih.hu/
In the case of choosing the court route, the lawsuit - according to the choice of the affected User - can also be initiated before the court of the affected person's residence or temporary residence, as the adjudication of the lawsuit falls within the jurisdiction of the court.
