I. Introduction
The purpose of this Privacy Policy is to set out the lawful use of the registers and databases maintained by profinails.eu and Profinails Cosmetics Plc. as the data controller (hereinafter referred to as the "Data Controller"), as well as the principles of data protection, the right to information self-determination and data security.
The Data Controller acknowledges that it is bound by the contents of this legal notice and agrees to ensure that all processing of data relating to its activities complies with the requirements set out in this Policy and in the applicable legislation and European Union acts.
The Data Controller is committed to protecting the personal data of its customers and partners, treats personal data confidentiality and takes all security, technical and organizational measures to guarantee the security of the data.
The purpose of this Policy is to ensure that the Data Controller determines the lawfulness of the records of personal data held by it, ensures that the personal data of individual persons who come into contact with it are processed and stored in accordance with the legal conditions in force at the time, in such a way that the rights of these individuals to the protection of their personal data are not violated.
This Policy is applicable in all cases where the Controller processes personal data of natural persons wholly or partly by automated means, as well as in cases where the non-automated processing of personal data forms part of a filing system or is intended to form part of such a filing system.
This Privacy Notice also governs the processing activities of the profinails.eu website operated by the Controller.
II. Data controller’s details
Profinails Cosmetics Plc.
Registered office: H-6100 Kiskunfélegyháza Gábor Dénes park 8. (Industrial Park)
Address: H-6100 Kiskunfélegyháza Bajcsy-Zsilinszky u. 19.
Company registration number: Cg-03-10-100467
Registering authority: Company Court of Kecskemét General Court
Tax number: 24371645-2-03
e-mail address: profinails@profinails.eu
Contact person: Deákné Kovács Szilvia (secretariat)
Phone number: +36 76 656 124
Customer service: +36 20 4884435
III. Laws on which the data processing is based
IV. Definition and interpretation of personal data
V. Principles of personal data processing
5.1. Personal data must be processed lawfully and fairly and in a transparent manner for the data subject ("lawfulness, fairness and transparency");
5.2. Personal data should be collected only for specified, explicit and legitimate purposes and not processed in a way incompatible with those purposes; further processing for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes shall not be considered incompatible with the original purposes in accordance with Article 89(1) ("purpose limitation");
5.3. Personal data must be adequate, relevant and limited to what is necessary for the purposes for which they are processed ("data minimisation');
5.4. The personal data must be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are inaccurate for the purposes for which they are processed are erased or rectified without undue delay ("accuracy");
5.5. Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be kept for longer periods only if the personal data will be processed for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1), subject to the implementation of appropriate technical and organizational measures as provided for in this Regulation to safeguard the rights and freedoms of data subjects ("limited storage");
5.6. Personal data must be processed in a way that ensures adequate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage ("integrity and confidentiality"), by implementing appropriate technical or organizational measures. The controller is responsible for compliance with the above and must be able to demonstrate such compliance ("accountability").
5.7. Personal data may be transferred to a controller in a third country or further transferred to a processor in a third country if the data subject has given his or her explicit consent or if the conditions for processing set out above are met and the third country ensures an adequate level of protection for personal data when processing and handling the data transferred. Transfers to EEA States shall be considered as transfers within the territory of Hungary.
VI. Processing the personal data
6.1. The Data Controller processes data on the basis of the voluntary consent of the data subjects or on the basis of a legal authorisation.
The Data Subject shall be informed before the data is collected whether the provision of the data is voluntary or mandatory..
The Data Controller shall make this Privacy Notice available to Data Subjects by publishing it on its website, at its headquarters, at its events and by making it available to Data Subjects before requesting their consent. The Data Subject acknowledges his/her knowledge of the processing and gives his/her consent to the processing of his/her personal data.
The Data Subject shall be informed, in a clear and detailed manner, of all the facts relating to the processing of his or her data, in particular the purposes and legal basis of the processing, the identity of the controller and processor, the duration of the processing and the persons who may access the data. The information shall also cover the rights and remedies of the data subject with regard to the processing.
The information may be provided, in particular in the case of processing for statistical or scientific purposes, by making public the fact of collection, the data subjects, the purposes of collection, the duration of processing and the availability of the data in a way accessible to the public, where it would be impossible or would entail disproportionate costs to provide information to individuals.
In the case of voluntary consent, the data subject may at any time request information on the scope of the data processed and the way in which they are used, and may withdraw his or her consent, except in specific cases where the processing is continued pursuant to a legal obligation - in such cases the Controller shall provide the data subject with information on the further processing of the data.
Personal data may also be processed where obtaining the data subject's consent would be impossible or would involve disproportionate costs and the processing of the personal data is necessary for compliance with a legal obligation to which the controller is subject or is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, and the pursuit of those interests is proportionate to the restriction of the right to the protection of personal data.
6.2. The Data Controller undertakes to notify the Data Subjects of any changes to its principles and practices regarding the processing of personal data in advance. Such changes shall also be posted on the Controller's website. The processing must always reflect the principles and practices actually applied.
6.3. The Data Provider is obliged to communicate all the data provided accurately and to the best of his/her knowledge. Where the Data Provider does not provide his or her own personal data, the Data Provider has an obligation to obtain the consent of the Data Subject.
6.4. If the Data Controller transfers data to processors, joint Data Controllers or other third parties, the Data Controller shall keep a separate "Data Transfer Register". The record of the transfer must include the recipient of the data transfer, the method and time of the transfer and the scope of the data transferred.
6.5. The Data Controller shall not carry out profiling in relation to the processing of personal data.
VII. Certain data processing carried out by the Data Controller:
7.1. Contact management, contact in person, by telephone, e-mail, quotation
7.1.1. Scope of personal data processed:
Name, e-mail address, phone number, address
7.1.2. Purpose of processing:
Contacting interested customers, providing information about products
7.1.3. Legal basis for processing:
Voluntary consent of the Data Subject
Withdrawal of the Data Subject's consent does not affect the existence of lawful processing prior to the withdrawal.
7.1.4. Duration of processing: six months
7.1.5. Processing method: paper and electronic (e-mail)
7.2. Contract completion – purchase
7.2.1. Personal data processed: name, address, telephone number, e-mail address, delivery address
7.2.2. Purpose of data processing:
Identification of the contracting partner, conclusion of the contract, performance of the obligation arising from the contract, fulfillment of the invoicing obligation, retrieval and verification of the data in the event of any dispute or claim.
7.2.3. Legal basis for data processing:
7.2.4. Duration of data processing:
The Data Controller shall store the data referred to above for a period of 5 years + 1 year from the date of performance of the contract or failure to perform the contract (the limitation period for claims arising from the contract).
7.2.5. The Data Controller transfers the Data Subject's data to third parties in the following cases:
7.3. Billing
7.3.1. The type of personal data processed:
In order to fulfill the obligations set out in Act CXXVII of 2007 and Act C of 2000 on Accounting, the invoice shall include the following personal data: name, address, tax number or tax identification number.
7.3.2. The purpose for data processing:
To fulfil the obligations under Act CXXVII of 2007 and Act C of 2000 on Accounting.
7.3.3. Legal basis for processing:
a.) Article 6 (1) c) of Regulation 2016/679 of the European Parliament and of the Council, which states that "processing is necessary for compliance with a legal obligation"
b.) Act CXII of 2011, Act on the Right to Informational Self-Determination and Freedom of Information, § 5(1)(a) "it is ordered by law or, on the basis of the authorisation of the law, within the scope specified therein, in the case of data that are not considered special data or personal data in the criminal field, by decree of a local government for a purpose in the public interest"
7.3.4. Duration of processing: 8 years.
In order to fulfil accounting obligations, pursuant to Article 169 of Act C of 2000, "Accounting documents (including general ledger accounts, analytical or detailed records) which directly and indirectly support the accounting accounts must be kept for at least 8 years in a legible form, retrievable by reference to the accounting records."
7.3.5. Method of processing: on paper and in electronic form
7.3.6. The Data Controller shall transfer the Data Subject's data to third parties in the following cases:
The scope of the data processed: all personal data provided by the Data Subject.
Data subjects: all data subjects using the website.
The purpose for the processing: to make the website available and to ensure its proper operation.
Duration of processing, time limit for removal of data:
The data processing lasts until the termination of the agreement between the data controller and the hosting provider or until the data subject's request for deletion to the hosting provider.
Legal basis for processing:
The user's consent, in accordance with the Info tv. Article 5(1)(b), Article 6(1)(a), and Article 13/A(3) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.
7.4. Contact at the e-mail address profinails@profinails.eu indicated on www.profinails.eu
7.4.1. Nature of personal data processed: name, telephone number, address, e-mail address.
7.4.2. Purpose of data processing: contacting, answering inquiries, providing information about products
7.4.3. Legal basis for processing: voluntary consent of the Data Subject
Withdrawal of the Data Subject's consent does not affect the existence of lawful processing prior to the withdrawal.
7.4.4. Duration of processing: six months
In the event that processing is carried out for other purposes following the contact, the rules applicable to the processing of the Data Subject's data for the specific purposes shall apply.
7.4.5. Method of processing: by electronic means.
7.5. Registration on the profinails.eu website
7.5.1 Personal data processed: name, user name, e-mail address, telephone number, password, company name, company tax number, address, delivery address, registered office
7.5.2. Purpose of data processing: to create an account for the User, to provide a permanent account with a discount, to simplify the ordering process, to enable the retrieval of previous orders, to provide access to special content
7.5.3. Legal basis for processing: voluntary consent of the Data Subject
Withdrawal of the Data Subject's consent does not affect the existence of lawful processing prior to the withdrawal.
7.5.4. Duration of processing:
Until the withdrawal of the Data Subject's consent.
The consent may be withdrawn at any time, without restriction and without giving reasons, free of charge.
7.6. Processing in connection with sending a NEWSLETTER on profinails.eu
7.6.1. Range of personal data processed: name, e-mail address
7.6.2. Purpose for data processing:
Sending newsletters, informing the Data Subject about business offers, promotions, current news.
7.6.3. Legal basis for processing:
Voluntary consent of the data Subject
The withdrawal of the Data Subject's consent does not affect the existence of lawful processing prior to the withdrawal.
7.6.4. Duration of processing: 5 years or until the withdrawal of the Data Subject's consent.
The consent may be withdrawn at any time, without restriction and without giving reasons, free of charge. If the Data Subject does not request the erasure of his/her data, the Controller will process his/her personal data for a period of 5 years.
7.7. Online payment by bank card
7.7.1. Data transfer:
Personal data stored in the Controller's user database will be transferred to the online payment service provider barion.com. The data transferred include: name, email address, receipt address data. When paying by credit card, the data subject will be redirected to Barion's payment page. The payment is made on a site that operates according to the rules and security standards of international card companies and not on the Data Controller's site. The terms and conditions for online card acceptance are available here: https://www.barion.com/en/privacy-notice/
Profinails Cosmetics Plc. does not possess or have access to the data, number or expiry date of the card or the underlying account of the customer concerned.
7.7.2. Purpose of data processing:
Identification of the contractual partner, conclusion of the contract, fulfillment of the obligation arising from the contract, fulfillment of the invoicing obligation, retrieval and verification of the data in the event of any dispute or claim.
7.7.3. Legal basis for processing:
7.8.General rules for website traffic data processing:
The auditing is supported by Google Analytics server as an external service provider. For detailed information on the management of the measurement data, please contact the data controller at www.google-analytics.com.
The chat server of the online customer service is operated by PromptSaaS Inc., (K7M 2J8 Ontario, Kingston, Baiden Street 48, Canada).
The third party service providers place and read back a small piece of data, called a cookie, on the user's computer in order to provide a personalized service. If the browser returns a previously saved cookie, the service provider handling it has the possibility to link the user's current visit to previous visits, but only with regard to its own content. The user can delete the cookie from his/her computer or disable the use of cookies in his/her browser. The management of cookies is usually possible in the Tools/Preferences menu of browsers, under Privacy settings, under the designation cookie.
Purpose of data processing:
When using the data controller's website, the data controller installs small data files (cookies) on the user's computer, including data that cannot be directly linked to the user, for the following purposes:
The legal basis for processing: consent of the data subject
Data processed: ID number, date, time.
Duration of the data processing:
The Data Controller places and reads back a small data packet, a so-called cookie, on the user's computer in order to provide a personalized service. If the browser returns a previously saved cookie, the cookie management service provider has the possibility to link the user's current visit to previous visits, but only in relation to its own content.
The user can delete the cookie from his/her computer or disable the use of cookies in his/her browser. The management of cookies is usually possible in the Tools/Preferences menu of browsers, under Privacy settings, under the designation cookie.
The data obtained by the controller as a result of the use of data files will not be linked by the controller to the identification data of the user.
Session cookies are automatically deleted at the end of the time limit set in the cookie.
The user has the following options regarding cookies in his browser:
In this context, it should be pointed out that not accepting cookies may result in certain pages or functions not functioning properly and that the user may not be granted access to certain data.
7.9. Use of Google Analitics on the website
The website uses Google Analytics, a web analytics service provided by Google Inc ("Google"). Google Analytics uses so-called "cookies", text files that are saved on your computer to help analyse the use of the website visited by the User.
The information generated by the cookie about the website you use is usually transmitted to and stored by Google on servers in the United States.
By activating the IP anonymisation on the website, Google will previously shorten the IP address of the User within the Member States of the European Union or in other states party to the Agreement on the European Economic Area.
Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity for the website operator and to provide other services relating to website activity and internet usage.
Google Analytics will not associate the IP address transmitted by the User's browser with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
You may also prevent Google from collecting and processing information about your use of the website (including your IP address) by means of cookies by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=hu
7.10. Processing of personal data submitted via Facebook page
The Facebook Privacy Policy is available here:
https://www.facebook.com/privacy/explanation
Facebook page managed by the Data Controller: https://www.facebook.com/Profinails-a-körömspecialista-106439316078217
Scope of personal data processed: name registered on the Facebook community page and the user's public profile picture, name, e-mail address, telephone number
Purpose of personal data processing: Informing the Data Subject about the Data Controller's activities, Sharing on social networking sites, certain content of the profinails.eu website or the website itself
Legal basis for processing:
You can find out about the source of the data, how it is processed and how it is transferred and its legal basis on the Community site. The processing of data takes place on the Community site, and therefore the duration of the processing, the method of processing and the possibilities for deletion and modification of the data are governed by the rules of the Community site concerned. The data controller will publish on the Facebook page the contact details of this privacy notice.
The data controller informs you at the above link, that is in the Facebook business page under the menu item Business card/imprint, that Facebook uses cookies with a unique identifier, which enable the Facebook page administrator to obtain certain visitor data (for example demographic data) and to use these data to generate statistics and analyses on the Facebook interface. The visitor can delete these cookies in the browser. The visitor may ask the site administrator to notify Facebook if he/she wishes to access, correct or store data in connection with his/her analytics, deletion and/or object to or restrict the processing of their analytics data.
The data controller will transmit the Facebook user's relevant objection or restriction request directly to Facebook in its capacity as the administrator of the Facebook page. The Data Controller shall provide the Data Subject with proof of the fact of transmission.
Duration of processing: six months
7.11. Other processing
The Data Controller shall provide information about any processing not listed in this Notice at the time of the inclusion of the data. The court, the prosecutor, the investigating authority, the law enforcement authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, the National Bank of Hungary, or other institutions may request the Controller to provide information, to disclose or transfer data, or to provide documents.
The Data Controller shall disclose to the authorities - if the authorities have indicated the precise purpose and scope of the data - personal data only to the extent and to the extent that is indispensable for the purpose of the request..
VIII. Data processors
8.1. The hosting provider of the website:
Webcredit s.r.o.
Company registration number: IČO: 47624094
Registered office: Hlavná ulica 690/42, 943 54 Svodín, Slovak Republic
Tax number: SK 2023990584
e-mail: solutions @ webcredit.sk
Scope of data processed: all personal data provided by the data subject.
Data subjects: all data subjects using the website.
Purpose of the processing: To make the website available and to ensure its proper functioning.
Duration of data processing, time limit for erasure of data: until the termination of the agreement between the data controller and the hosting provider/website maintainer or until the data subject's request for erasure to the hosting provider.
Legal basis for data processing: the consent of the User, the legal basis for the processing of the data, the legal basis for the termination of the data processing or the termination of the data controller's relationship with the website operator. Article 5(1)(b) and Article 6(1)(a), and Article 13/A(3) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.
8.2. Accountant
Data processed: name, address, tax number or tax identification number.
Purpose for processing: to fulfill the obligations under Act C of 2000 on Accounting.
Duration of processing, time limit for deletion of data: For the fulfillment of accounting obligations pursuant to Article 169 of Act C of 2000, 8 years.
"The accounting documents (including general ledger accounts, analytical or detailed records) directly and indirectly supporting the accounting shall be kept for at least 8 years in a legible form, retrievable by reference to the accounting records" Legal basis for data processing.The relevant legal obligation is contained in Act C of 2000 on Accounting.
8.3. Courier services, postal services
Data processed: name, address, telephone number
Purpose of data processing: Identification of the contractual partner, fulfillment of the obligation arising from the contract, retrieval and verification of the data in the event of any dispute or claim.
Legal basis for processing:Article 6(1)(b) of Regulation 2016/679 of the European Parliament and of the Council, which states that "processing is necessary for the performance of a contract to which the data subject is a party or for the purposes of taking steps at the request of the data subject prior to entering into a contract.
Duration of processing: 5 years + 1 year from the fulfillment of the contract
IX. Method of storage of personal data, security of processing
9.1. Processing of data
The data shall be accessed and processed only by the Data Controller and used only by the Data Controller in the manner and for the purposes set out in this Privacy Notice.
The Controller's computer systems and other data storage locations are located at its headquarters, its data processors and its servers. The Data Controller shall select and operate the IT tools used to process personal data in the course of providing the service in such a way that the processed data:
The data controller shall take appropriate measures to protect the data against, in particular, unauthorized access, alteration, disclosure, disclosure, erasure or destruction, accidental destruction, damage or loss, and inaccessibility resulting from changes in the technology used. The controller shall ensure, by appropriate technical means, that the stored data cannot be directly linked and attributed to the data subject, except where permitted by law, in order to protect the data files managed electronically in its various registers.
9.2. The technology used by the controller
The controller shall ensure the security of processing by means of technical, organizational and organizational measures which, having regard to the state of the art, provide a level of protection appropriate to the risks associated with the processing. The Controller shall, during the processing, keep:
a.) confidentiality: it protects the information so that only those who are entitled to have access to it have access to it;
b.) integrity: protects the accuracy and completeness of the information and the method of processing
(c) availability: ensures that the authorized user, when he needs it, has effective access to the information and the means to obtain it.
The information technology systems and networks of the controller and its partners are protected against computer fraud, espionage, sabotage, vandalism, fire and flooding, computer viruses, computer intrusions and denial of service attacks. The operator ensures security through server-level and application-level protection procedures.
X. Rights of data subjects, legal means of redress
Personal data may be processed only for specified purposes, for the exercise of rights and for the performance of obligations. Data processing must comply with this purpose at all stages and the collection and processing of data must be fair. Only personal data which is necessary for the purpose of the processing, adequate for the purpose, to the extent and for the duration necessary for the purposes of the processing may be processed.
10.1. The right to be informed:
The Data Subject may request information about the processing of his or her personal data, and may request the rectification, erasure or withdrawal of his or her personal data, except for mandatory processing, and may exercise his or her right to data portability and objection in the manner indicated when the data were collected, or at the contact details of the Data Controller specified in this Privacy Notice. The Data Subject shall be informed in a clear, plain and detailed manner of all the facts relating to the processing of his or her data, in particular the purposes and legal basis of the processing, the identity of the controller and the processor, the duration of the processing, whether the controller is processing his or her personal data with the consent of the data subject and for the purposes of complying with a legal obligation to which the controller is subject or for the purposes of the legitimate interests of a third party, and who has access to the data.
10.2. The right to access:
The Data Subject has the right to obtain from the Controller feedback as to whether or not his or her personal data are being processed and, if such processing is ongoing, the right to access the personal data and the information listed in the Regulation. At the request of the Data Subject, the Controller shall provide information on whether or not processing is taking place in relation to the Data Subject in respect of the following:
In the event of a data subject's request, the Data Controller shall provide a copy of the data processed by the Data Controller in accordance with the request. The time limit for providing the requested data is 30 days from the date of receipt of the request.
10.3. Right to rectification:
The Data Subject has the right to have inaccurate personal data relating to him or her corrected by the Data Controller without undue delay upon his or her request. In view of the purposes of the processing, the Data Subject shall have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
10.4. Right to erasure:
The Data Subject shall have the right to obtain, upon his or her request, the erasure of personal data relating to him or her by the Controller without undue delay and the Controller shall be obliged to erase personal data relating to the Data Subject without undue delay under the following specified conditions:
The erasure of the data may not be initiated if the processing is necessary: for the exercise of the right to freedom of expression and information; for compliance with an obligation under Union or Member State law to process personal data or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for public health purposes or for archiving, scientific or historical research purposes or statistical purposes in the public interest; or for the establishment, exercise or defense of legal claims.
10.5. Right to restriction of processing:
The Data Subject has the right to obtain, at his or her request, the restriction of processing by the Controller if one of the following conditions is met:
10.6. Right to data portability:
The Data Subject has the right to receive the personal data concerning him or her that he or she has provided to the Controller in a structured, commonly used, machine-readable format and the right to transmit such data to another controller without interference by the controller to whom the personal data have been provided.
10.7. The right to object:
Where personal data are processed for direct marketing purposes, the Data Subject has the right to object at any time to the processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing. If the Data Subject objects to the processing of personal data for direct marketing purposes, the personal data shall no longer be processed for those purposes. The Data Subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of his or her personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller, or necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, including profiling based on those categories. In the event of an objection, the Controller may no longer process the personal data unless it is justified by compelling legitimate grounds which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defense of legal claims.
10.8. Automated decision-making in individual cases, including profiling:
The Data Subject has the right not to be subject to a decision based solely on automated processing, including profiling, which would have legal effects concerning him or her or similarly significantly affect him or her.
The previous paragraph shall not apply where the decision:
10.9. The right of withdrawal:
The Data Subject has the right to withdraw his or her consent at any time. Withdrawal of consent does not affect the lawfulness of the processing based on consent prior to its withdrawal.
XI. Informing the Data Subject of a personal data breach.
11.1. If the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall, without undue delay inform the Data Subject of the personal data breach.
The information provided to the Data Subject shall clearly and prominently describe the nature of the personal data breach and provide the name and contact details of the Data Protection Officer or other contact person who can provide further information, the likely consequences of the personal data breach and the measures taken or envisaged by the Controller to remedy the personal data breach, including, where appropriate, measures to mitigate any adverse consequences of the personal data breach.
11.2.The Data Subject should be informed if any of the following conditions are met:
11.3. Unreasonable delay in the notification of a personal data breach
The controller shall notify a personal data breach to the supervisory authority competent under Article 55 without undue delay and, where possible, no later than 72 hours after the personal data breach has come to its attention, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. If the notification is not made within 72 hours, it shall be accompanied by the reasons justifying the delay.
XII. Procedural rules
12.1. If the Controller receives a request pursuant to Articles 15 to 22 of the GDPR, the Controller shall inform the data subject in writing of the action taken on the request as soon as possible and in any event within 30 days.
12.2. Where the complexity of the request or other objective circumstances justify it, the above time limit may be extended once, up to a maximum of 60 days. The Data Controller shall notify the data subject in writing of any extension of the time limit, together with the reasons for the extension.
12.3. The controller shall provide the information free of charge, unless:
12.4.In the cases referred to in point 13.3, the Controller is entitled to:
12.5. If the applicant requests the data to be provided on paper or on an electronic storage medium (CD or DVD), the Data Controller will provide a copy of the data concerned free of charge in the requested format (unless the chosen platform would present a disproportionate technical difficulty). For each additional copy requested, an administration fee of HUF 500,- per page/CD-DVD will be charged.
12.6. The Controller shall notify any rectification, erasure or restriction carried out by it to all persons to whom the data concerned have previously been disclosed, unless such notification would be impossible or would involve a disproportionate effort.
12.7. If the data subject so requests, the Controller shall inform him or her of the persons to whom his or her data have been disclosed.
12.8. The controller shall provide its response to the request in electronic form, unless:
12.9. Exercise of the right to object:
The Data Controller shall examine the objection within the shortest possible time from the date of the request, but not later than 15 days, decide on its merits and inform the applicant in writing of its decision. If the Data Controller finds that the User's objection is justified, the Data Controller shall terminate the processing, including further recording and transmission of data, and block the data, and notify the objection and the measures taken on the basis of the objection to all those to whom the personal data concerned by the objection were previously disclosed and who are obliged to take action to enforce the right to object.
XIII. Legal remedies
If you have any objections or concerns about the processing of your personal data, please contact us at the contact details below:
Company name: Profinails Cosmetics Plc.
Legal address: H-6100 Kiskunfélegyháza Gábor Dénes park 8. (Industrial Park)
e-mail: profinails@profinails.eu
Contact person: Deákné Kovács Szilvia (secretary)
Phone number: +36 76 656124 Customer service: +36 20 4884435
13.1. Claims and compensations:
Any person who has suffered pecuniary or non-pecuniary damage as a result of a breach of the Data Protection Regulation is entitled to compensation from the Data Controller for the damage suffered. The Controller shall be exonerated from liability if it proves that it is not in any way responsible for the event giving cause to the damage.
13.2.Right to apply to the court:
If the data subject considers that his or her rights have been violated by the Data Controller, he or she has the right to apply to the competent court under the Civil Code. The court shall have the power to rule on the case out of turn.
13.3. Data Protection Authority procedure:
A possible complaint may be submitted to the National Authority for Data Protection and Freedom of Information:
Name: Nemzeti Adatvédelmi és Információszabadság Hatóság
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Address for correspondence.: 1530 Budapest, Pf.: 5.
Phone number: 06-1/391-1400; fax: 06-1/391-1410
E-mail: ugyfelszolgalat@naih.hu
Webpage: http://www.naih.hu
13.4. Administrative cooperation:
The Data Controller shall, if it receives a formal request from the competent authorities, provide the personal data specified on a mandatory basis. The Data Controller shall only provide data that are strictly necessary for the purpose of achieving the objective indicated by the requesting authority. This Notice is intended to provide information to data subjects on the Data Controller's data management practices, with the understanding that the Data Controller reserves the right to change this Notice.
The Data Controller declares that it will comply with its data processing obligations as set out in this Policy from the date of adoption of this Privacy Notice.
The Data Controller shall inform the Data Subjects of the amendment and publish the amended Privacy Notice on its website.
Dated at: Kiskunfélegyháza 2021. 07. 27.
Profinails Cosmetics Plc.
Operator of www.profinails.eu webpage
