CONTACT

Privacy policy

on data management in relation to the use of the website

  1. INTRODUCTION

This Privacy Policy (hereinafter referred to as “Policy”) applies to the processing of personal data arising from the operation of the website of GudFruit Kft.. (hereinafter: Controller) The Controller shall take utmost care to protect personal data, to comply with mandatory legal provisions and to ensure secure and fair processing.

 

The Controller’s data:

Company name:  
Mailing address: Ócsa, Némedi úti major 06/6
E-mail address:  

 
Website: https://gudfruit.hu/

 

This Policy is based on the following legislation in force:

  1. Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter referred to as the “Infotv.”);
  2. Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (hereinafter referred to as the “Ektv.”);
  3. Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities (hereinafter referred to as the Grt.);
  4. Act C of 2003 on Electronic Communications (hereinafter referred to as the “Ehtv.”);
  5. Act CXIX of 1995 on the processing of name and address data for the purposes of research and direct marketing;
  6. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the Regulation).

 

This Policy governs the data management of the following website: https://gudfruit.hu/

This Policy is available from the following page: https://gudfruit.hu/

The Controller undertakes to comply with the provisions of this Policy and requests in particular that visitors to the website and subscribers to the newsletter also accept and comply with the provisions of this Policy. The Controller reserves the right to change this Policy, in which case the changes to this Policy will take effect upon publication on https://gudfruit.hu/ address.

 

  1. INTERPRETATIVE PROVISIONS

 

Terms used in this Policy have the following meanings:

data subject: any natural person who is identified or can be identified, directly or indirectly, on the basis of personal data;

personal data: data which can be associated with the data subject, in particular the name, identification mark and one or more factors specific to the physical, physiological, mental, economic, cultural or           social identity of the data subject, and the conclusions which can be drawn from the data concerning the data subject;

consent: a voluntary and explicit expression of the data subject’s wishes, based on appropriate information, by which he or she gives his or her unambiguous agreement to the processing of personal data concerning him or her, either in full or in relation to specific operations;

objection: a statement by the data subject objecting to the processing of his or her personal data and requesting the cessation of the processing or the deletion of the processed data;

controller: a natural or legal person or unincorporated body which, alone or jointly with others, determines the purposes for which the data are to be processed, takes and implements decisions regarding the processing (including the means used) or has the Processor implement them;

data processing: any operation or set of operations which is performed upon data, regardless of the procedure used, in particular any collection, recording, recording, organisation, storage, alteration, use, retrieval, disclosure, transmission, alignment or combination, blocking, erasure or destruction of data, prevention of their further use, taking of photographs, sound or image recordings and the recording of physical characteristics which permit identification of a person;

data transfer: making data available to a specified third party;

data disclosure: making the data available to anyone;

data erasure: making data unrecognisable in such a way that it is no longer possible to recover it;

data marking: the marking of data with an identification mark to distinguish it;

data blocking: the marking of data with an identifier in order to limit its further processing permanently or for a limited period of time;

data destruction: the complete physical destruction of the medium containing the data;

data processing: the performance of technical tasks related to data processing operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;

data processor: a natural or legal person or unincorporated body which processes data on the basis of a contract, including a contract concluded pursuant to a legal provision;

dataset: the set of data managed in a single register;

third party: any natural or legal person or unincorporated body other than the data subject, the controller or the processor;

personal data breach: unlawful processing or handling of personal data, in particular unauthorised access, alteration, disclosure, transmission, disclosure, erasure or destruction, accidental destruction or accidental damage.

 

  1. CONTRACT-RELATED DATA PROCESSING

 

3.1. Managing contracting partner data – registering customers, suppliers:

(1) The Company shall process the name, name of the natural person contracted with it as a buyer or supplier, name of the natural person, name of the person’s birth, date of birth, mother’s name, address, tax identification number, tax number, entrepreneur’s or farmer’s identity card number, personal identity card number for the purpose of the conclusion, performance, termination or granting of a contractual discount,  address, address of the registered office, address of the establishment, telephone number, e-mail address, website address, bank account number, customer number (customer number, order number), online identifier (list of customers, suppliers, frequent buyer lists). This processing is also considered lawful if the processing is necessary to take steps at the request of the data subject prior to the conclusion of the contract. Recipients of personal data: employees of the Company performing customer service tasks, employees performing accounting and tax tasks, and data processors. Duration of storage of personal data: 5 years after termination of the contract.

(2) The natural person concerned shall be informed before the processing starts that the processing is based on the legal basis of the performance of a contract, which information may also be given in the contract. The data subject shall be informed of the transfer of his or her personal data to a processor.

3.2. Contact details of natural person representatives of legal person customers, buyers, suppliers:

(1) The scope of personal data processed: the name, address, telephone number, e-mail address, online identifier of the natural person.

(2) Purpose of the processing of personal data: performance of a contract with a legal entity partner of the Company, business relations, legal basis: the data subject’s consent.

(3) Recipients or categories of recipients of personal data: employees of the Company performing customer service tasks, data processors.

(4) Duration of the storage of personal data: 5 years after the business relationship or the data subject’s capacity as a representative has been established.

3.3.) Data management on the Company’s Facebook page

(1) The Company maintains a Facebook page for the purpose of publicising and promoting its products and services.

(2) A question on the Company’s Facebook page or on the Facebook page shall not be considered as a formal complaint.

(3) The Company does not process personal data posted by visitors to the Company’s Facebook page.

(4) Visitors are subject to the Facebook Privacy and Terms of Service.

(5) In the event of publication of illegal or offensive content, the Company may exclude the person concerned from membership or delete his/her posts without prior notice.

(6) The Company is not responsible for any illegal content or comments posted/uploaded by users on Facebook. The Company is not responsible for

for any error, malfunction or failure of the system resulting from the operation of Facebook

system or any problem resulting from changes in the operation of the system.

3.4. Processing of data for tax and accounting obligations

The Company processes the personal data of customers and suppliers doing business with the Company for the purpose of fulfilling legal obligations, tax and accounting obligations (accounting, taxation).

natural persons who have business relations with the Company.

The data processed pursuant to § 169 and § 202 of Act CXXVII of 2017 on Value Added Tax, in particular: tax number, name, address, tax status,  pursuant to § 167 of Act C of 2000 on Accounting: the name, address, the name of the person or organisation which ordered the operation, the signature of the person who issued the order and of the person who certified that the order had been carried out and, depending on the organisation, the signature of the controller; the signature of the recipient on stock movement vouchers and cash management vouchers and of the payer on counterfoils, the signature of the

on the basis of Act CXVII of 1995 on personal income tax: entrepreneur’s identity card number, self-employed person’s identity card number, tax identification number.

(2) The period of storage of personal data shall be 8 years after the termination of the legal relationship giving rise to the legal basis.

(3) Recipients of personal data: employees and data processors of the Company performing tax, accounting, payroll and social security functions.

3.5. Payer data processing

(1) The Company shall, in the performance of a legal obligation, pay statutory taxes and contributions

(assessment of taxes, tax advances, contributions, payroll accounting, social security administration)

for the purpose of the processing of the data of the persons concerned – employees, their family members, workers, other beneficiaries

recipients of other services – with whom it has a relationship as a paying agent (Act 2017:CL. on the Tax Code (Art.), § 7.31.).

The scope of the data processed is defined in Art. 50.§ of the Art.

highlighting: the natural person’s natural identity data (including previous name and title), gender, nationality, the natural person’s tax identification number, social security number.

If the tax laws do not

legal consequences, the Company may process data on the health (Section 40 of the Income Tax Act) and trade union (Section 47(2) b./) membership of employees for the purposes of tax and contribution obligations.

(payroll accounting, social security administration).

(2) The period of storage of personal data shall be 8 years after the termination of the legal relationship giving rise to the legal basis.

(3) Recipients of personal data: the Company’s tax, payroll, social security (payer) and social security (payee) departments.

and data processors of the Company.

3.6.) Newsletter

The Data Controller operates a newsletter service on its website. The Data Controller offers visitors to its website the possibility to receive, if they wish, newsletters about its products or news related to its products.

(1) Purpose of processing

The purpose of data processing is to inform visitors by sending the newsletter to them and to provide the possibility of contacting them for this purpose. The Data Controller delivers to subscribers to its newsletters online newsletters containing news, news and offers, and direct marketing messages by electronic means, normally once a month, but no more than once a day.

(2) Legal basis for processing

The legal basis for the processing of personal data is the Infotv. Section 5 (1) a) of Article 5 (1) of the, the Grt. Article 6 (1)(a) of the Regulation, Article 13/A (4)  of the Ektv. and Article 6 (1)(a) of the Regulation.

The sending of a newsletter in accordance with Art. The sending of newsletters for marketing purposes requires the prior, unambiguous and express consent of the website visitor. The visitor consents to receive newsletters for marketing purposes by filling in the newsletter subscription form on the Controller’s website.

(3) Who is data subject

The data subjects are the visitors who subscribe to the newsletter.

(4) Scope of personal data processed

To subscribe to the newsletter, you must provide your name, telephone number and e-mail address. The name is required to contact you, the telephone number and e-mail address are required to contact you. The subscriber is responsible for the authenticity of the personal data provided.

(5) Duration of processing

Data processing takes place until the date of withdrawal of consent. The Data Controller keeps a record of the persons who have consented to the sending of the newsletter. If the data subject withdraws his or her consent to the processing for the purposes of the newsletter, the Controller shall delete the personal data of the data subject from its records and from any existing newsletter database. The possibility to unsubscribe is provided by a direct link in each newsletter or in a footnote on the website, and by sending an e-mail or postal mail to the contact details of the Data Controller indicated in this document

(6) Persons entitled to access the data

Persons designated for this purpose by the Data Controller.

(7) Recipients of the transfer

The Data Controller shall keep a register of the recipients of the data transfers, on which the data subject may request information from the Data Controller in connection with the processing.

 

  1. VISITING THE WEBSITE

The website is accessed by clicking on the website of GudFruit Kft. https://gudfruit.hu/

Data processing by external service providers (in particular Google):

The portal html code may contain links from and to external servers independent of GudFruit Kft The servers of external providers may be directly connected to the visitor’s computer. Please note that the providers of these links may collect visitor data due to the direct connection to their server, by communicating directly with the visitor’s browser. Any content that may be personalised for the visitor is served by the servers of external service providers. The connection between GudFruit Kft. and the servers of the external service providers is limited to the insertion of the latter’s codes, so no personal data is transferred or transmitted. The cookies used by external service providers are in particular the Google Ads cookie and the Google Tag Manager.

 

  1. COOKIE MANAGEMENT

 

5.1. Visitor data management on the Company’s website – Information on the use of cookies:

(1) Cookies are short data files placed on the user’s computer by the website visited. The purpose of the cookie is to make the given infocommunication, internet service easier and more convenient. There are several types, but they generally fall into two broad categories. One is the temporary cookie, which is placed on the user’s device by the website only during a particular session, and the other is the persistent cookie (e.g. a website’s language setting), which remains on the computer until the user deletes it. According to the European Commission’s guidelines, cookies [unless strictly necessary for the use of the service] can only be placed on the user’s device with the user’s permission.

(2) In the case of cookies that do not require the user’s consent, information should be provided during the first visit to the website. It is not necessary for the full text of the cookie notice to appear on the website, but it is sufficient for website operators to briefly summarise the substance of the notice and provide a link to the full notice.

(3) In the case of cookies requiring consent, the information may also be linked to the first visit to the website, if the processing of data associated with the use of cookies starts as soon as the page is visited. Where the use of the cookie is linked to the use of a function explicitly requested by the user, the information may also be provided in relation to the use of that function. Even in this case, it is not necessary for the full text of the cookie notice to be displayed on the website, a brief summary of the substance of the notice and a link to the full notice.

(4) What are cookies?

Cookies are small text files that store data and are placed on your browser device (e.g. computer, smartphone, tablet) when you visit a website. A cookie usually contains the domain name (where it comes from), its lifetime (how long it stays on your device) and the data it stores. For more information about cookies, please visit the following website: http://www.allaboutcookies.org

Our website uses cookies to distinguish you from other visitors, so that we can provide you with a better, more personalised user experience. Cookies are not harmful to your browser device. By using our website, you consent to the use of cookies in accordance with this Policy.

(5) What category of cookies can we use?

– Functionality cookies: without these, certain services of the website cannot function properly.

– Functional cookies: they allow the website to remember certain previously set data.

– Performance cookies: they collect information about how visitors use the website. These cookies are used for statistical purposes to improve and maintain the user experience.

(6) Third-party cookies

Our website may also use some popular third-party web services (e.g. Google Analytics), which may result in the storage of cookies that are not under our control. These services have their own privacy and cookie policies.

(7) Managing cookies

Most browsers accept cookies by default. You can set your browser to alert you every time a cookie arrives, or to block all cookies. You can do this through your browser settings, which you can find more information about in your browser’s help.

Please note that if you delete cookies or disable the use of cookies, you may not be able to use the full functionality of our website or the website may not function as intended in your browser.

5.2. The Controller uses the following so-called cookies when you visit the website of GudFruit Kft.

Google Adwords cookie: on the first visit of the Controller’s month, the visitor’s cookie ID is added to the remarketing list. Google uses cookies – such as NID and SID cookies – to personalise the ads displayed in Google products, such as Google Search. It uses such cookies, for example, to remember a website visitor’s recent searches, their previous interactions with individual advertisers’ ads or search results, and their visits to advertisers’ websites. The AdWords conversion tracking feature uses cookies. To track ad sales and other conversions, cookies are saved on a visitor’s computer when they click on an ad. Some common uses of cookies include: selecting ads based on what is relevant for a particular visitor, improving campaign performance reporting, and avoiding displaying ads that the visitor has already viewed.

Google Analytics cookie: Google Analytics is Google’s analytics tool that helps website and app owners to get a more accurate picture of their visitors’ activities. The service may use cookies to collect information and report statistics about website usage without identifying visitors individually to Google. The main cookie used by Google Analytics is the “__ga” cookie. In addition to generating reports from website usage statistics, Google Analytics, together with some of the advertising cookies described above, may also be used to display more relevant ads in Google products (such as Google Search) and across the web.

(period: 1 year, 1 month, 4 days)

The _ga_* cookie is used to store and count page views.

(period: 1 year, 1 month, 4 days)

The hjSessionUser_* cookie sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.

(Period: 1 hour)

The hjSession_* cookie ensures the data from subsequent visits tot he same site is attributed tot he same ID user, which persists in the Hotjar user ID, which is unique to that site.

(Period: 1 hour)

A Facebook Pixel is a piece of javascript code that is placed on your website and sends data about users visiting your site to Facebook’s ad management system.

Google Tag Manager (GTM) is a free Google marketing tool that allows you to place and manage analytical and marketing tags (tracking codes, pixels) on your website.

 

  1. THE SECURITY OF DATA PROCESSING

The Controller stores personal data in digital format only.

It is the responsibility of the Controller and the Data Processor to ensure the security of the data during data management and processing, and to take the technical and organisational measures and develop the procedural rules necessary to enforce the Infotv. and other data and confidentiality protection rules.

The Controller and the Data Processor shall take appropriate measures to protect the data, in particular against unauthorised access, alteration, disclosure, disclosure, erasure or destruction, accidental destruction, damage and inaccessibility resulting from changes in the technology used.

In order to protect the electronically managed data files in its various registers, the Controller shall ensure, by means of appropriate technical solutions, that the stored data cannot be directly linked and attributed to the data subject.

The Controller’s IT system and network are protected against computer fraud, espionage, sabotage, vandalism, fire and flood, computer viruses, computer intrusions. The operator ensures security through server-level and application-level protection procedures.

 

  1. THE RIGHTS OF DATA SUBJECTS

6.1 According to the Infotv.

  1. a) Information

At the request of the data subject, the Controller shall provide information on the data processed by the Controller, the source of the data, the purpose, legal basis, duration and activities related to the processing, the circumstances of the personal data breach, its effects and the measures taken to remedy it, and, in the case of the transfer of personal data of the data subject, the legal basis and the recipient of the transfer.

The Controller shall provide the information in writing in an intelligible form within the shortest possible time from the date of the request, but not later than 25 days. Such information shall be provided free of charge if the person requesting the information has not yet submitted a request for information to the Controller for the same data subject in the current year. In other cases, the Controller shall charge a fee.

  1. b) Correction, blocking, erasure

The Controller shall rectify the personal data if it is inaccurate and the accurate personal data is available to the Controller.

The Controller shall block personal data if the data subject so requests or if, on the basis of the information available to it, it is likely that deletion would harm the data subject’s legitimate interests. Blocked personal data may be processed only for as long as the processing purpose which precluded the deletion of the personal data persists.

The Controller shall delete the personal data if:

  • its treatment is unlawful,
  • the data subject requests,
  • the processed data is incomplete or inaccurate – and this situation cannot be lawfully remedied – provided that erasure is not excluded by law,
  • the purpose of the processing has ceased or the statutory time limit for storing the data has expired,
  • ordered by a court or the National Authority for Data Protection and Freedom of Information.

If the Controller does not comply with the data subject’s request for rectification, blocking or erasure, it shall, within 25 days of receipt of the request, communicate in writing or, with the data subject’s consent, by electronic means, the factual and legal grounds for refusing the request for rectification, blocking or erasure. In the event of refusal of a request for rectification, erasure or blocking, the Controller shall inform the data subject of the possibility of judicial remedy and recourse to the Authority.

  1. c) Objection

The data subject may object to the processing of his or her personal data if:

  • the processing or transfer of personal data is necessary for the fulfilment of a legal obligation to which the Controller is subject or for the purposes of the legitimate interests pursued by the Controller, the data subject or a third party, unless the processing is required by law;
  • the personal data are used or disclosed for direct marketing, public opinion polling or scientific research purposes; and
  • in other cases specified by law.

 

The Data Controller shall examine the objection within the shortest possible time from the submission of the request, but not later than 15 days, shall decide on its merits and shall inform the applicant in writing of its decision.

 

6.2 Under the Regulation

  1. a) Withdrawal of consent

In addition to the above, the Regulation gives the data subject the right to withdraw his or her consent to data processing at any time. A statement by the data subject withdrawing consent is valid provided that it clearly indicates the processing concerned.

  1. b) Restriction

The data subject shall have the right to obtain, at his or her request, the restriction of processing by the Controller if one of the following conditions is met:

  • the data subject contests the accuracy of the personal data, in which case the restriction applies for the period of time necessary to allow the Controller to verify the accuracy of the personal data;
  • the processing is unlawful and the data subject opposes the erasure of the data and instead requests the restriction of their use;
  • the Controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or
  • the data subject has objected to the processing; in this case, the restriction shall apply for the period until it is established whether the legitimate grounds of the Controller prevail over the legitimate grounds of the data subject.

Where processing is restricted on the basis of the above, such personal data may be processed, except for storage, only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or of a Member State.

The Controller shall inform in advance the data subject at whose request the processing has been restricted of the lifting of the restriction of processing.

  1. c) Forwarding

The data subject shall have the right to receive the personal data concerning him or her which he or she has provided to the Controller in a structured, commonly used, machine-readable format and the right to transmit such data to another controller without hindrance from the Controller, if:

  • the processing is based on consent or a contract; and
  • the processing is carried out by automated means.

In exercising the right to data portability as set out above, the data subject shall have the right to request, where technically feasible, the direct transfer of personal data between controllers.

 

6.3 The means of enforcement

The data subject may exercise the data processing rights listed above by sending an e-mail to the e-mail address or registered office address of the Controller from an identifiable e-mail address of the data subject, or by postal letter signed by the data subject. The data subject’s declaration of exercise of the rights shall be valid provided that it clearly indicates the processing operation concerned.

 

6.4 Legal remedies

If the data subject does not agree with the decision of the Controller, he or she may appeal against it to a court within 30 days of its notification. Legal remedies and complaints may be lodged with the National Authority for Data Protection and Freedom of Information:

Name: Nemzeti Adatvédelmi és Információszabadság Hatóság
E-mail: ugyfelszolgalat@naih.hu
Postal address: 1530 Budapest, Pf.: 5.
Address: 1055 Budapest, Falk Miksa utca 9-11.
Telephone: +36 (1) 391-1400
Website: http://www.naih.hu