Website operated by:
GAL Vitamin Ireland 67 Carleton Village, Youghal, Co.Cork P36DP29 Ireland
Tax identifier: IE1475814H
Bank account number:
IBAN: IE98AIBK93430509683055
Company registry number: 626300
E-mail: info@galvitamin.ie
Phone: +353894630959
© 2022 GAL Vitamin Ireland All rights reserved.
Information on this website is intended for informational purposes only.
INTRODUCTION
A GAL SynergyTech Zrt. (address: 1076 Budapest, Sajó utca 4-8.. 01/Ü. company registration number: 01 10 141486) (hereinafter referred to as: Service Provider, data controller), its operation is regulated by the following Data protection information. This data controlling information is continuously available via the following website: www.gal.hu
Amendments to the regulation enter into force when published on the above website.
Registration number of the Data Controlling: NAIH-88443/2015.
DATA CONTROLLING RELATED TO THE REGISTRATION ONTHE WEBSITE
Legal basis for data controlling: data controlling is based on the data subject’s consent and on the following legal provision: Section 13/A (3) of Act CVIII of 2001 on Electronic Commerce and on Information Society Services, as well as on certain issues of services related to the information society (hereinafter referred to as Elker tv.).
Scope of data subjects: All Users are registered on the webshop website operated by the Service Provider.
Scope of the controlled data: client-defined password, contact person’s surname and first name, email address, phone number, delivery name and address, invoice name and address (in case of legal persons: company name, tax number, payment method, note), date of registration, IP address at the time of the registration.
Scope of data subjects: All Users registered to the webshop website. Purpose of data controlling: full use of the website operated by the Service Provider, such as conclusion of contracts for the provision of services or for purchase, determination and amendment of their contents, monitoring their fulfillment, invoicing the fees and premiums related thereto, as well as enforcing contract-related claims. If specifically agreed the User, the Service Provider may control the above personal data of the Users for the purpose of sending newsletter or other direct marketing message. Duration of data controlling, deadline for the deletion of the data: Immediately upon the deletion of the registration, or at any time, if requested so by the data subject.
At the same time, the Service Provider informs the users that in case of withdrawal of the consent, it cannot ensure the use of the website, so it also qualifies as the cancellation of the registration.
At the same time, the Service Provider informs the users that in the case of accounting documents, the accounting documents must be kept for 8 years pursuant to Section 169 (2) of Act C of 2000 on Accounting, which also qualifies as the mandatory retention period of the data contained therein. In addition to the above, the Service Provider shall retain the data specified above for as long as required by the legislation in force at the time.
Potential data controllers entitled to access the data: Personal data can be controlled by the employees of the data controller, or in case of a separate written data processing agreement, the subcontractors hired by the data controller always in compliance with the data protection regulation effective at the time.
Information for the data data subjects regarding their rights related to data controlling: The following data can be modified on the websites: Password, surname and first name of the contact person, email address, phone number, delivery address and name, invoice name and address, tax number, payment method, note.
The data subject may initiate the deletion or modification of personal data in the following ways:
Other principles related to the operation of the webshop, followed by the Service Provider on the basis of the relevant legal regulations (non-exclusive list):
Deletion of data: The Service Provider deletes the managed data in case of non-conclusion of the contract, after the termination of the contract and after invoicing (except in the case of data retention required by law). The Service Provider shall also delete the data, if the purpose of the data controlling has ceased or the user so provides. Unless otherwise provided by the law, deletion of the data must be carried out immediately.
The Service Providers shall enable the recipients of the service to have access to information concerning the type of personal data the service provider is processing and the objectives at any time before and during the use of the information society services, including the processing of any data that may not be directly linked to the recipients of the service.
HANDLING COOKIES
Typical cookies for webshops are the so-called “cookie used for password-protected session”, “cookies required for shopping cart” and “security cookies”, the use of which does not require preliminary consent of the data subjects.
Legal basis for data processing is based on the data subject’s consent. No consent is required from the data subject, if the sole purpose of using the cookies is to relay communication over the electronic communications network, or if it is absolutely necessary for the service provider to provide services related to the information society and is explicitly requested by the user.
Fact of data controlling, scope of the controlled data: unique identifier, dates and times related to the use of the website.
Scope of data subjects: All data subjects visiting the website.
Purpose of data controlling: user identification, keeping “shopping cart” records, following up visitors. Duration of data controlling, deadline for the deletion of the data: Duration of data controlling in case of session cookies lasts until the end of visiting the website.
Information for the data data subjects regarding their rights related to data controlling: The data subject is granted the option to delete the cookies in the Tools/Settings menu of web browsers, usually under the settings in Data Privacy menu item.
The Service Provider measures the traffic data of the web store using the Google Analytics service. During the use of the service data are transferred. The transferred data are not suitable for identification. For further information about data protection principles of Google, visit www.google.hu/policies/privacy/ads/
Pursuant to Section 6 of Act XLVIII of 2008 on the basic requirements and certain restrictions of commercial advertising activities, and Section 5 (1) of the Info tv., the User may give his/her explicit preliminary consent for the Service Provider to approach him/her with campaign offers and other letters using the contact details specified during the registration, and to control his/her personal data for the purpose of sending campaign offers.
Legal basis for data controlling: The User may unconditionally and without explanation unsubscribe from receiving campaign offers. In this case, the Service provider shall immediately delete from its records all personal data necessary for sending advertisements, and shall no longer approach the User with campaign offers. The User may unsubscribe from the advertisements by clicking on the link in the message.
Fact of data controlling, scope of the controlled data: name, email address, date and time.
Scope of data subjects: All data subjects subscribed to the newsletter.
Purpose of data controlling: sending electronic messages to the data subjects containing advertisements, providing information on current news, products, campaigns, new functionalities, etc. Duration of data controlling, deadline for the deletion of the data: data controlling terminates upon the withdrawal of the statement of consent, i.e. until the unsubscription.
Information for the data data subjects regarding their rights related to data controlling: Data subjects may unsubscribe from the newsletter at any time free of charge.
The data subject may request information from the data controller on the processing of his or her personal data, or request the rectification, erasure or blocking of his or her personal data. The Service Provider, as data controller, is obliged to provide the information requested by the customer in writing in a comprehensible form as soon as possible after the submission of the information request, but not later than within 30 days.
If you have any questions or doubts about the data controlled by the Service Provider, or if you request information about your data, you can do so by e-mail, which should be sent to the e-mail address ugyfelszolgalat [at] gal.hu.
A detailed explanation of the data subjects’ rights related to data controlling and the legal remedy options can be found in the Chapters Rights and Legal Remedies of Data Subjects.
The advertiser, the advertising service provider or the publisher of the advertisement shall keep records of the personal data of the persons who have made a statement to them, to the extent specified in the consent. The data contained in this register relating to the recipient of the advertisement may be controlled only in accordance with the statement of consent until it is withdrawn, and may be disclosed to third parties only with the prior consent of the person concerned.
DATA TRANSFER
Legal basis for transferring the data: consent of the data subject, Section 5 (1) a) of the infotv., as well as Section 13/A (3) of Act CVIII of 2001 on Electronic Commerce and on Information Society Services, as well as on certain issues of services related to the information society.
Fact of data controlling, scope of the controlled data: Password, surname and first name of the contact person, email address, phone number, delivery address and name, invoice name and address, tax number, payment method, note, date of registration, IP address at the time of the registration.
Scope of data subjects: All data subjects. Purpose of data controlling: Ensuring the functions of the website. Duration of data controlling, deadline for the deletion of the data: Data controlling terminates, when the data subject’s consent is withdrawn.
Potential data controllers entitled to access the data: The following persons may process personal data as data processors, subject to the relevant legislation: Hosting provider:
Neucom Bt., 1144 Budapest, Ond vezér útja 17/a Phone number: +36 1 422-1836 FAX: +36 1 422-1637 Central email address: info [at] neucom.hu
Packages are delivered by the DPD Courier Service Phone: +36 1 501 6200, Fax: +36 1 501 6214, Phone: + 36 1 501 6200 Toll-free number: +36 40 100 373, Opening hours: Mon: 7 a.m. to 7 p.m., Tue-Fri: 8 a.m. to 6 p.m., Data protection rules: www.dpd.com/hu/home/siteutilities/adatvedelmi_nyilatkozat2 GTC: www.dpd.com/hu/home/siteutilities/aszf
Information for the data data subjects regarding their rights related to data controlling: The data subject may request information from the data controller on the processing of his or her personal data, or request the rectification, erasure or blocking of his or her personal data.
The Service Provider, as data controller, is obliged to provide the information requested by the customer in writing in a comprehensible form as soon as possible after the submission of the information request, but not later than within 30 days. If you have any questions or doubts about the data controlled by the Service Provider, or if you request information about your data, you can do so by e-mail, which should : be sent to the e-mail address ugyfelszolgalat [at] gal.hu. A detailed explanation of the data subjects’ rights related to data controlling and the legal remedy options can be found in the Chapters Rights and Legal Remedies of Data Subjects.
Legal basis for transferring the data: consent of the of User, Section 5 (1) a) of the infotv., as well as Section 13/A (3) of Act CVIII of 2001 on Electronic Commerce and on Information Society Services, as well as on certain issues of services related to the information society. (E) Data security
The data controller shall plan and carry out the data processing operations in such a way as to ensure the protection of the privacy of the data subjects.
The data controller and the data processor are obliged to ensure the security of the data, and to take the technical and organizational measures and to establish the procedural rules necessary to enforce the Infotv. and other data and confidentiality rules.
Data in shall shall be protected the adequate measures, especially against unauthorized access, alteration, forwarding, disclosure, deletion or destruction, as well as accidental destruction or damage and becoming unavailable due to the change of the applied technology.
In order to protect the data files processed electronically in the different registers, an appropriate technical solution shall ensure that the data stored in the registers cannot be linked and assigned directly to the data subject, unless permitted by law.
In the course of automatic processing of personal data, the data controller and the data processor shall implement additional measures to ensure
When defining and applying the measures serving the safety of the data, the data controller and the data processor shall take into account the the current level of technical development. From the potential data controlling solutions, the one granting a higher level of protection of personal data should be chosen, unless if this would represent a disproportionate burden for the controller.
The data subject may request the Service Provider to provide information on controlling his/her personal data, request the personal correction of his/her personal data, as well as request deleting or blocking his/her personal data - except for mandatory data controlling.
Upon the data subject’s request, the data controller shall provide information about the data subject’s data controlled by the data controller or processed by the assigned data processor: their source, the purpose, legal basis, duration of data controlling, name, address and activities of the data processor related to the data controlling, furthermore - if personal data of the data subjects are transferred - legal basis and recipient of the data transfer.
In order to check the lawfulness of the data transfer and to inform the data subject, the data controller shall keep a data transfer register containing the date of the transfer of personal data processed by him, the legal basis and recipient of the transfer, the definition of the transferred personal data and other data required by law on data controlling.
The data controller, is obliged to provide the information requested by the data subject in writing in a comprehensible form as soon as possible after the submission of the information request, but not later than within 30 days. The information is provided free of charge.
Upon the User’s request, the Service Provider shall provide information about the controlled data: their source, the purpose, legal basis, duration of data controlling, name, address and activities of the data processor related to the data controlling, furthermore - if personal data of the data subjects are transferred - legal basis and recipient of the data transfer. The Service Provider is obliged to provide the information requested by the customer in writing in comprehensible form as soon as possible after the submission of the information request, but not later than within 30 days. The information is provided free of charge.
The Service Provider shall correct the personal data if the personal data does not correspond to reality and the personal data corresponding to reality is available to the data controller.
Instead of deleting, the Service Provider will block the personal data if the User so requests or if, based on the information available to him, it can be assumed that the deletion would harm the legitimate interests of the User. Blocked personal data may only be controlled for as long as the purpose of the processing, which precluded the deletion of personal data, exists.
The Service Provider shall delete the personal data, if is illegal, requested so by the User, the controlled data are deficient of faulty - and this situation cannot be legitimately remedied - provided that such deletion is not excluded by the law, the purpose of data processing has been terminated or the deadline to store the data specified by the law has expired, it was so ordered by the National Data Protection and Freedom of Information Authority.
The data controller shall mark the controlled personal data, if the data subject disputes its correctness or accuracy, but the incorrectness or inaccuracy of the disputed personal data cannot be clearly identified.
The rectification, blocking, marking and erasure shall be notified to the data subject and to all persons to whom the data have previously been transmitted for data processing purposes. The notification may be omitted if it does not harm the legitimate interests of the data subject with regard to the purpose of the processing.
If the controller does not comply with the data subject's request for rectification, blocking or erasure, he shall state in writing the reasons in fact and in law for rejecting the request for rectification, blocking or erasure within 30 days of receipt of the request. In case if the request for correction, deletion or blocking is rejected, the data controller shall inform the concerned individual on the options of legal remedy and application to the Authority.
Furthermore, the data subject is entitled to receive the personal data related to him/her and made available by him/her to the data controller in an articulate, broadly used format readable by machine, furthermore, he/she is entitled to forward these data to another data controller without being prevented by by data controller, provided that the data controlling takes place automatically.
The data subject is entitled to remain outside the effect of decisions based solely on automatic data controlling - including profiling - which would have a legal impact on the data subject, or would have a similarly significant impact on him or her, except if (i) it is necessary for the conclusion or fulfillment of a contract between the data subject and the data controller, (ii) making the decision is allowed by the community or Hungarian law, or (iii) the data subject granted his or her explicit consent.
LEGAL REMEDY
The User may object the controlling of his or her personal data, if
a) the controlling or transmission of personal data is necessary only for the fulfillment of a legal obligation to the Service Provider or for the enforcement of the legitimate interest of the Service Provider, the data recipient or a third party, unless the data controlling has been ordered by law;
b) personal data are used or transmitted for the purposes of direct business acquisition, public opinion polling or scientific research;
c) otherwise stipulated so by the law.
The Service Provider shall examine the objection within the shortest time from the submission of the application, but not later than within 15 days, make a decision on the merits of the application and inform the applicant in writing of its decision. If the Service Provider establishes the validity of the data subject's objection, it terminates the data processing, including further data collection and data transfer, and blocks the data, and notifies all those to whom it has previously transmitted the personal data affected by the protest, and who are obliged to take action to enforce the right to protest. If the User does not agree with the decision made by the Service Provider, he may appeal against it to the court within 30 days of its notification. The court will proceed of turn. Complaints against possible breaches of the data controller can be lodged with the National Data Protection and Freedom of Information Authority:
Nemzeti Adatvédelmi és Információszabadság Hatóság: 1125 Budapest, Szilágyi Erzsébet fasor 22/C. Postal address: 1530 Budapest, PO box: 5. Telephone: +36 -1-391-1400 Fax: +36-1-391-1410 E-mail: ugyfelszolgalat [at] naih.hu
JUDICIAL ENFORCEMENT
It is the obligation of the data controller to prove that the data controlling is in compliance with the legal provisions. The recipient of the data is obliged to prove the lawfulness of the data transfer.
Settlement of the lawsuit is in the power of the tribunal. At the data subject’s discretion, the lawsuit can also be launched before the tribunal competent according to the residence or location of the data subject.
A party who does not otherwise have legal capacity to sue may also be a party to the lawsuit. The Authority may intervene in the proceedings in order for the data subject to succeed.
If the court grants the request, the data controller is obliged to provide the information, to correct, block, delete the data, to annul the decision made by the automated data processing, to take into account the data subject's right to object or to release the data requested by the data recipient.
If the court rejects the data recipient's request, the data controller is obliged to delete the personal data of the data subject within 3 days from the notification of the judgment. The data controller is obliged to delete the data even if the data recipient does not go to court within the specified time limit.
The court may order the publication of its judgment, by publishing the identity of the data controller, if the interests of data protection and the protected rights of a larger number of data subjects so require.
INDEMNIFICATION
The data controller shall be obliged to compensate for the damage caused by illegitimate controlling of the Data Subject’s data or violation of the data security requirements. The data controller is also liable to the data subject for any damage caused by the data processor. The data controller shall be released from the responsibility, if he can prove that the damage was caused by an unavoidable cause outside the scope of data controlling. The damage need not to be compensated for, if it was the result of the harmed party’s deliberate of grossly negligent behavior.
APPLICABLE LEGAL PROVISIONS:
Contact us via info@galvitamin.ie we will be happy to answer you.