Skip to main content

Privacy Policy

 

Coffee Lovers Kft.
data processing notice  

Coffee Lovers Kft (registered office: 6720 Szeged, Tisza Lajos körút 14, I. em. 4, tax number: 25856279-2-06, telephone number: 06703811178, e-mail: info@rockcandystickshop.com, represented independently by: Márton Gábor Nagy, managing director, name and contact details of data protection officer/contact person: ), as Data Controller, hereby informs you in summary and briefly of the data processing activities performed by it and other relevant facts.

 

The Controller draws the attention of data subjects to the fact that

  • data subjects may exercise their rights (right of access, right to rectification, right to erasure and ‘to be forgotten’, right to blocking/restriction of data, right to object, right to data portability, right to withdraw consent, see the detailed descriptions of the rights at the end of the notice) by sending a request to the e-mail address info@rockcandystickshop.com, or by a statement sent to other contact details of the Controller, and they can file a complaint with the authority (for contact details see: NAIH, www.naih.hu), and if they consider that their rights have been violated, they can turn to the court with jurisdiction over their place of residence. The Controller draws the attention of the data subjects to the fact that special conditions or restrictions may apply to the exercise of their rights in connection with specific data processing, which factors the Controller must examine in the case of the exercise of data subjects’ rights. In the event that a data subject is unable to exercise his/her rights in relation to a specific processing, the Controller shall inform the data subject in writing (including by electronic means) of the factual and/or legal reasons for excluding/restricting the exercise of the right.
  • the Controller shall, in particular, within the scope of its tasks related to IT protection ensure that:
    • unauthorised persons are refused access to equipment used for data processing (hereinafter referred to as “data processing system”);
    • unauthorised reading, copying, alteration or removal of data carriers is prevented;
    • unauthorised input of personal data into the data processing system and the unauthorised knowledge, alteration or erasure of personal data stored therein is prevented;
    • the use of data processing systems by unauthorised persons using data transmission equipment is prevented;
    • persons authorised to use the data processing system have access only to the personal data specified in the access authorisation,
    • it is possible to verify and establish to which recipients personal data were or may be transmitted or were or may be made available by means of data transmission equipment;
    • it is possible to verify and establish subsequently which personal data were entered into the data processing system, at what time and by whom;
    • the unauthorised knowledge, copying, alteration or erasure of personal data during transfers of personal data or during transportation of data media is prevented;
    • the data processing system can be recovered in the event of a breakdown;
    • the data processing system is functional, that a report is prepared of any errors that arise in its operation, and that the stored personal data cannot be changed even if the system malfunctions.
  • more detailed explanations of each of the data processing operations defined in the table below are also available in paper-based format at the Controller’s registered office/site and the Controller will send them electronically to the data subject upon request.
  • profiling does not take place for any processing operations.
  • disclosure of data to a third party may take place in respect of a specific processing operation which is set out in the detailed notice for that specific processing operation.
  • cookie information was stipulated separately.
  • The Controller carries out other data processing regarding which the data subject can find more detailed information in a notice that is separate from this notice.

 

Summary table of data processing related to one-time request for and provision of information
PurposeLegal basisData SubjectsData categoryDurationSource
providing appropriate information to the data subject and communication accordinglyfreely given consent or compliance with statutory obligations or is based on an agreement or a legitimate interest or vital interestAny natural person, including a representative acting on behalf of an organisation, who contacts the Controller and requests/receives information from the ControllerSee details in the data processing notice/descriptionuntil the purpose is achieved or a request for erasure is made, or

within the time limit set by law, or

within the limitation period or until cessation of the legitimate interest

Data Subjects

 

Summary table of data processed for continuous, regular contact with the data subject
PurposeLegal basisData SubjectsData categoryDurationModeSource
keeping in touch with the data subject, answering and resolving questions, requests and other issuesfreely given consent or compliance with statutory obligations or is based on an agreement or a legitimate interest or statutory obligation or vital interestAny natural person, including a natural person acting on behalf of an organisation, who, is in constant or regular contact with the Controller beyond just a single request for informationSee details in the data processing notice/descriptionuntil the purpose is achieved or a request for erasure is made, or

within the time limit set by law, or

within the limitation period or until cessation of the legitimate interest

done electronically and/or on paper, manuallyData Subjects

 

Summary table of data processing related to requests for offers made by the data subject and the offer submitted by the Controller
PurposeLegal basisData SubjectsData categoryDurationModeSource
providing an appropriate offer to the data subject and communicationfreely given consent, or Article 6 (1) (b) of the GDPRAny natural person, including a natural person acting on behalf of an organisation, who, requests an offer from the Controller providing his or her personal dataSee details in the data processing notice/descriptionduring the validity period or if the offer is accepted, until the expiry of the legal relationship, or in the case of data processing on the basis of a legitimate interest, until its cessationdone electronically and/or on paper, typically electronically, manuallyData Subjects

 

Summary table of data processing related to entering into a contract
PurposeLegal basisData SubjectsData categoryDurationModeSource
entering into and performance of the contract, monitoring performance, communicationEntering into a contract (GDPR Article 6 (1) (b)

the processing of the data of the representative or contact person is based on a legitimate interest

Any natural person, as well as any natural person acting on behalf of and representing an organisation, who, by providing personal data, enters into a contract with the Controller on their own behalf, or appear in the contract as a representative or contact personSee details in the data processing notice/description8 years or

the duration specified in the contract or

cannot be discarded, so it cannot be erased

done electronically and/or on paper, manuallyData Subjects

 

Summary table of data processing for managing (booking) appointments
PurposeLegal basisData SubjectsData categoryDurationModeSource
providing the data subject with an appointment and communicationbased on freely given consent or, if required by law, is based on a legal obligationAny natural person, including a natural person acting on behalf of an organisation, who, requests books/agrees on an appointment providing his or her personal dataSee details in the data processing notice/descriptionuntil the purpose is achieved, or within the general limitation period or until the existence of a legitimate interestdone electronically and/or on paper, manuallydata subjects

 

Summary table of data processing related to declarations of consent
PurposeLegal basisData SubjectsData categoryDurationSource
the verifiability of the legal basis for data processing and performance of the consent and communication.freely given consentAny natural person who gives a declaration of consent to the Controller to the processing of their data for any purposesee details in the data processing noticeuntil withdrawal/cancellation of consent

the declarations of consent are deleted after the expiry of the limitation period following the revocation

data subjects

 

Summary table of data processing related to handling of complaints
PurposeLegal basisData SubjectsData categoryDurationModeSource
identification of the data subject and the complaint, handling the complaint and communicationStarts with freely given consent, but under Article 6 (1) (c) of the GDPR, the processing is necessary for compliance with a legal obligation to which the controller is subjectAny natural person who submits a complaint regarding a service used, a product purchased and/or the conduct, activity or omission of the ControllerSee details in the data processing notice/descriptionThe Controller processes the record of the complaint and a copy of the response for 5 years from the date of their recording in accordance with the Consumer Protection Actdone electronically and/or on paper, manuallyData Subjects

 

Summary table of processing related to the registration of the data subject (customer and partner).
PurposeLegal basisData SubjectsData categoryDurationModeSource
identification of and communication with the data subject, monitoring performance of the contract (where applicable)based on contract or

necessary for compliance with a legal obligation or based on a legitimate interest

Any natural person as well as representatives of non-natural persons who are or wish to be the Controller’s Partner/clientSee details in the data processing notice/descriptionuntil erasure at the request of the data subject

until erasure due to failure of data reconciliation,

until erasure due to death of data subject,

if required by the Controller’s interest, it lasts until the interest ceases.

The Controller may declare the register to be of permanent value, therefore the data contained in it cannot be deleted

done electronically (paper based), manuallydata subjects, possibly a partner

 

Summary table of data disclosure (to third parties)
PurposeLegal basisData SubjectsData categoryDurationModeSource
Specific purposeconsent, compliance with legal obligation, agreement, legitimate interestAny natural person, including a natural person acting on behalf of or representing an organisation, whose data the Controller discloses to a third partySee details in the data processing notice/descriptionUntil the purpose is achieved or expires or until the time limit specified by law or cessation of legitimate interestDone electronically and/or on paper, manually, in compliance with data security requirements and the principle of confidentialityData subjects, data processor, public register

 

Summary table of processing in connection with registration on the https://coffeelovers.hu/; https://kavezom.hu/; https://coffeetry.hu/; https://rockcandystickshop.com/; https://erythritolshop.com/ websites
PurposeLegal basisData SubjectsData categoryDurationModeSource
recording the data of the data subject, granting, exercising and checking his/her rights, discounts and access, facilitating use of the services, and communicationfreely given consentAny natural person who voluntarily registers on the Controller’s website by providing their personal datasee website and data processing noticeuntil erasure at the request of the data subject or until cessation of legitimate interestelectronically, input manually, recording in a registration system automaticallydata subjects

 

Summary table of processing in connection with logging into the https://coffeelovers.hu/; https://kavezom.hu/; https://coffeetry.hu/https://rockcandystickshop.com/; https://erythritolshop.com/ websites
PurposeLegal basisData SubjectsData categoryDurationModeSource
identification of, granting authorisations to and monitoring data subjects logging into the websitefreely given consentAny natural person who logs into the Controller’s websiteSee details in the data processing notice/descriptionuntil erasure at the request of the data subject, until cessation of legitimate interestelectronically, automatically, via a secret channeldata subjects

 

Summary table of data processing related to orders placed through the website (web store)
PurposeLegal basisData SubjectsData categoryDurationModeSource
placing the order and communicationFor consumers, the agreement, processing of the contact persons’ data is based on a legitimate interestAny natural person, including a natural person acting on behalf of an organisation, who, orders a product (service) from the ControllerSee details in the data processing notice/descriptionUntil dismissal or for 8 years because it forms the basis of accounting records,Electronically, processing is done manuallyData Subjects

 

Summary table of data processing related to sending newsletter
PurposeLegal basisData SubjectsData categoryDurationModeSource
complete general or personalised and regular information of the recipient about the latest promotions, events and news of the Controllerbased on freely given consentAny natural person who wishes to be notified regularly of the Controller’s news, promotions and discounts and therefore subscribes to the newsletter by giving his/her personal dataSee details in the data processing notice/descriptionUntil cancelling of subscriptionsubscription is done electronically or on paper, manually

sending electronically, automatically

cancelling of subscription is done electronically or on paper, manually

 

Data Subjects

 

Summary table of data processing related to measuring customer satisfaction
PurposeLegal basisData SubjectsData categoryDurationModeSource
improving the quality of services, products, the Controller’s behaviour, investigating possible complaints and communicationLegitimate interest of the Controller but can also be consentAny natural person who participates in customer satisfaction measurement as part of the Controller’s quality assurance processSee details in the data processing notice/descriptionUntil the purpose is achieved, in case of a complaint for 5 yearsdone electronically and/or on paper, manuallyown records of data subjects

 

Summary table of data processing related to social media marketing
PurposeLegal basisData SubjectsData categoryDurationModeSource
Controller’s marketingFreely given consentNatural persons who voluntarily follow, share, like the Controller’s social media site or the content appearing on itSee details in the data processing notice/descriptionUntil erasure at the request of the data subject or until cessation of legitimate interestDone electronically manuallyData Subjects

 

Rights of the Data Subject 

Right of access (GDPR Article 15)

The data subject has the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and information related to the circumstances of processing. Where personal data are transferred to a third country or to an international organisation, the data subject has the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer. The Controller shall provide a copy of the personal data undergoing processing to the data subject, if the data subject requests.

 

Right to withdraw consent (GDPR Article 7)

The data subject has the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

 

Right to rectification (GDPR Article 16)

The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.

 

Right to object (GDPR Article 21)

The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on GDPR Article 6(1) point (e) or (f).

The Controller shall no longer process the personal data unless the controller demonstrates legitimate grounds for the processing which override the interests, rights and freedoms of the data subject.

 

Right to restriction of processing (GDPR Article 18)

The data subject has the right to obtain from the Controller restriction of processing where any of the conditions listed in GDPR apply and in such case the Controller shall, with the exception of storage, not carry out any operations with the data.

Where the data subject has objected to processing; pending the verification whether the legitimate grounds of the controller override those of the data subject.

 

Right to erasure (‘right to be forgotten’) (GDPR Article 17)

The data subject has the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay and the controller has the obligation to erase personal data without undue delay where the data processing has no purpose, the data subject withdrew consent and there is no other legal basis, in case of objection there are no overriding legitimate grounds for the processing or if the data have been unlawfully processed, and the data must be erased for compliance with a legal obligation. Where the Controller has made the personal data public and is obliged to erase the personal data, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

 

Right to data portability (GDPR Article 20)

The data subject has the right to receive the personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the statutory conditions are met.

 

Right to withdraw consent (GDPR Article 7)

The data subject has the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

 

Supervisory authority contact details for complaints (GDPR Article 77)

Hungarian National Authority for Data Protection and Freedom of Information

Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c

Tel: +36 (1) 391-1400

Fax: +36 (1) 391-1410

www: http://www.naih.hu

e-mail: ugyfelszolgalat@naih.hu

 

For the court competent according to your place of residence please go to: https://birosag.hu/birosag-kereso

  

Closed on: 17 February 2020
Gábor Márton Nagy
Managing Director
Coffee Lovers Kft.