fbpx

Data management policy

Based on Regulation 2016/679 of the European Parliament and of the Council (EU) 2016 (hereinafter: ’GDPR’)

Name of the data controller organization: Brilliance Tisztítószer Gyártó Korlátolt Felelősségű Társaság [limited liability company]

[Company registration number: Cg. 01-09-671313]

Registered office of the data controller organization: H-1211 Budapest, Színesfém utca 17-25.

Representatives of the data controller (name, position): Antal Nagy Executive, Gábor Nagy Executive.

Name of the Data Protection Officer: Antalné Nagy, birth name: Anna Lídia Rónay

Contact details of the Data Protection Officer:

Postal address: H-1211 Budapest, Színesfém utca 17-25.

E-mail: nagy.antalne@tisztitoszer.hu

Phone: 06 (20) 446-4983

Based on this privacy policy, we inform the data subject that the purpose of the data management is:

Invoicing, mailing, marketing use, for example: newsletter sending, targeted ad display, personalized offers.

The scope of the personal data you have received from the data subject:

Name, e-mail address, phone number, invoicing and shipping addresses, scope of activities.

The data subject acknowledges that the controller handles the above personal data on the following legal bases:

– The consent of the data subject.

– Data management is necessary for the performance of a contract in which the data subject is a party, or it is necessary to take action at the request of the data subject prior to the conclusion of the contract.

– Data management is necessary to fulfil the legal obligation of the data controller.

– Data management is necessary to protect the vital interests of the data subject or another natural person.

– Data processing is necessary for the performance of a task carried out in the public interest or in the exercise of a public authority delegated to the data controller.

– Data management is necessary for enforcement of the legitimate interests of the data controller or a third party, unless such interests have priority over the interests or fundamental rights and freedoms of the data subject which necessitate the protection of personal data, in particular if the data subject is a child.

We inform the data subject that if the provision of your personal data is based on a contractual obligation or a prerequisite for the conclusion of a contract, the possible consequence of the failure to provide data is the following: In case of purchase, we are unable to invoice, ship, so the purchase fails and the order cannot be recorded.

We also inform the data subject that the company, as data controller, does not use automated decision making and does not apply profiling.

We inform the data subject that the recipients of the personal data and the categories of recipients are: Brilliance Kft., and its employees and subcontractors.

We inform the data subject that the data controller does not wish to transfer personal data to a third country or international organization.

By accepting this privacy policy, the data subject expressly consents to the processing of personal data within the scope, purpose and legal basis of this privacy policy. The data subject acknowledges the contents of this privacy policy by accepting it. The data controller considers the acceptance of this privacy policy as a voluntary, concrete declaration based on appropriate information of the will of the data subject.

We inform the data subject that the duration of the storage of the personal data recorded, if the law does not specify a specific period, is the period for which its legal basis exists.

We inform the data subject of his/her right to request access to, rectification, erasure or restriction of processing of the personal data relating to him or her, and that he/she may object to the processing of personal data. We also inform the data subject of his/her right to data portability.

We inform the data subject that he/she may revoke your consent to data management at any time, which, however, does not affect the legality of the data processing performed prior to the revocation. We inform the data subject of his/her right to file a complaint with the supervisory authority, if justified.

The controller shall designate a data protection officer for the purpose of contacting the data subject. We inform the data subject that he/she can submit his/her requests to the company in the following way: In writing by letter sent to the company’s address (registered office), in an electronic way by e-mail sent to the company’s (Data Protection Officer) e-mail. Written and electronic requests should be addressed to the organisation’s Data Protection Officer or representative. In the case of an oral request, the company may fulfil requests by telephone or in person if the data subject can properly verify his/her identity. Please note that the data controller’s procedure is governed by applicable law and the company’s privacy policy. The privacy policy of the company as a data controller is available at the company’s registered office and on its website.

We also inform the data subject that in case if the data was not recorded from the data subject, the controller will indicate the source of the personal data in the following: In the case of personal data obtained from third parties, we record from whom the data was obtained.

We also inform the data subject that in case of the data subject is a child, the data controller then requires that the consent be given or authorized by the parent or guardian exercising parental control over the child, for the recording and managing of personal data.

The company does not record, collect or process specific personal data or criminal personal information. Personal data of the data subject is collected by the controller – exceptionally – only after when the data subject has been informed prior to this, which information has explicitly covered the rules on specific personal data.

We inform the data subject of the measures taken in the field of data security: The data controller implement appropriate technical and organizational measures to ensure data security taking into account the state of science and technology and the costs of implementation, and the nature, risk of the data management. In this context, the data controller anonymizes and encrypts personal data in a specific case, keeps the IT and non-IT systems used to manage personal data safely and continuously maintains its security. It provides the possibility to restore personal data in the event of an unexpected privacy incident. The data controller ensures that personal data are only accessible to those who are authorized to process the data and who have given adequate guarantees to maintain those contained in the current legislation and the privacy policy. The data controller pays attention to the regular training and auditing of the company’s employees to ensure that all employees of the company are properly trained in maintaining privacy rules, knowing the current legislation and privacy policy.