The objective of this policy („Policy”) is to establish the principles and policy of the data protection and processing carried out by LOOKS WOOD Faipari és Kereskedelmi Korlátolt Felelősségű Társaság (registered seat: 2096 Üröm, Rákóczi Ferenc utca 15/A.; company registration number: 13-09-193542; „the Company”), the owner of the website www.odiesoil.eu („Website”). The Company expresses its commitment to be bound by this Policy.
This Policy sets out the principles of the processing of the personal data provided by the users of the Website and provides information for the data subjects on the processing of their personal data.
When establishing the provisions of the Policy, the Company paid particular attention to the provisions of Regulation 2016/679 of the European Parliament and of the Council („GDPR”), Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information („Data Protection Act”), Act V of 2013 on the Civil Code („Civil Code”) and Act XLVIII of 2008 on the on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities („Commercial Advertising Act”).
The data controller
The Company processes your personal data and, as a data controller, is liable for their lawful processing.
You can contact us using the contact details provided below:
Name of the company: LOOKS WOOD Korlátolt Felelősségű Társaság
Postal address: 2096 Üröm, Rákóczi Ferenc u 15/A
Company register no.: 13-09-193542
E-mail address: firstname.lastname@example.org
Phone number: +706307572
Brief introduction of the processing
In order to provide newsletter services, the Company collects your personal data. The recording of personal data is carried out electronically, by the user filling out the dedicated panels and by clicking on the button confirming the subscription.
Depending on their functionality, our cookies may take the following forms:
session cookies are necessary for browsing on the Website and for using its functions; among others, they restore the operations carried out on a website, or while using a certain function or a service. The undisturbed use of the Website cannot be guaranteed in the absence of session cookies;
functionality cookies allow the Website to restore the operation mode you choose. This is in order to ensure that you do not have to restate your preferences on the next visit;
the purpose of using advertising and targeting cookies is to select the ads holding the greatest interest or seeming important for our visitors and to display these ads on our Website;
by using performance cookies we collect information on how our visitors use the Website (e.g. which and how many sites were visited, on which part of the Website the visitor clicked, how long the sessions were, what kind of error message the visitor received, etc.) This is to ensure that we develop the Website (the available services, functions, etc.) in accordance with the demands of our visitors, so that we are able to provide a high quality, user-friendly experience.
The Website uses the Google Analytics webanalytic services. Google Analytics uses performance cookies in order to help analyzing the use of the website.
What kind of personal data we record
We collect the following data during the subscription to the newsletter:
first name* (for your identification);
last name (for your identification);
e-mail address* (for delivering the newsletter);
Provision of the data marked with an asterisk is mandatory in order to subscribe for the newsletter. The above data qualify, under both the GDPR and the Data Protection Act, as personal data.
A software analyzing website hits runs on the Website and receives the following automatically generated data of our visitors:
IP address of the visitor;
date of the visit;
data of the visited sites;
type of browser used;
preferences of the visitor.
The Website records these data. According to the provisions of the GDPR, the IP-address of the visitor qualifies as personal data.
For what purpose we collect your personal data
Regarding the provision of our newsletter services, the purpose of processing your personal data is to provide periodic information on promotions currently available at the Company and to provide relevant information from the customers’ perspective.
to facilitate the customization of the ads and the services rendered by the visitors of the Website, to use its comfort functions;
to prepare statistics, analyses regarding the number of visitors of the Website and the preferences of the visitors.
The provider of Google Analytics uses the above information to analyse your and other data subjects’ use of the Website, for compiling reports in connection with the activities carried out on the Website and for the provision of other services in connection with internet usage.
The legal basis of the processing
Term of the processing
The Company processes your personal data for the purpose of delivering marketing newsletters until you unsubscribe from the newsletter or otherwise request your personal data to be erased or restricted, or until you object to the processing.
Session cookies are deleted automatically by closing the browser. In the case of other type of cookies the Company processes your personal data until achieving the goal intended by the usage of the certain type of cookies.
Data security measures
The Company records the personal data collected during the subscription to the newsletter in the Sendinblue newsletter sender and database manager service, through which service the Company sends you the newsletter.
Within the organization of the Company only employees participating in the promotion and marketing activities of the Company have access to your personal data. The Company keeps personal data confidential; we do not make them public or grant access to third parties with the exception of the data transmitted to Rocket Science Group, LLC or to employees not participating in the promotion and marketing activities of the Company.
We restore personal data on a server only accessible to certain individuals and in a password-protected database, both of which are protected by state-of-the-art firewalls and antivirus software. The database is only accessible by authorized employees and the password enabling access is customized, personal.
The Company carries out its newsletter-related marketing activities through the Sendinblue newsletter sender and database manager service, provided by Rocket Science Group, LLC (675 Ponce de Leon Ave NE, Suite 5000; Atlanta, GA 30308 USA). The personal data recorded in Sendinblue are transmitted to and stored on the servers of Rocket Science Group, LLC, located in the USA. Accordingly, the Company explicitly draws your attention to the fact that using the Sendinblue services entails the transmission of your personal data to a third country (USA) as per the GDPR.
Rocket Science Group, LLC operates the Sendinblue newsletter sender services during the whole term of the processing, and it does not process data on its own behalf. Accordingly, Rocket Science Group, LLC qualifies as a data processor.
Rocket Science Group, LLC not only participates in the Privacy Shield framework regulating the transatlantic commerce of personal data, but also certified it compliance for this purpose (date of certification: 21/11/2016). Consistently, the Company declares that Rocket Science Group, LLC, as a data processor, possesses the adequate and appropriate guarantees for the processing of your personal data.
The Company carries out the analyzation of the website hits through Google Analytics, a service provided by Google LLC (Google Privacy Center: 1600 Amphitheatre Pkwy, Mountain View, California 94043). The cookie-generated information relating to the user statistics of the Website (the IP-address of the visitor) is transmitted to and stored by the servers of Google LLC, located in the USA. Accordingly, the Company explicitly draws your attention to the fact that using the Google Analytics services entails the transmission of your personal data to a third country (USA) as per the GDPR. Google LLC qualifies as a data processor, given that it does not process data on its own behalf.
Googe LLC not only participates in the Privacy Shield framework regulating the transatlantic commerce of personal data, but also certified its compliance for this purpose (date of certification: 25/09/2017). Consistently, the Company declares that Google LLC, as a data processor, possesses the adequate and appropriate guarantees for the processing of your personal data.
Your rights and your right to remedies
Your right as a data subject in connection with the processing of your personal data:
Right to information and access to personal data
You are entitled to obtain from the Company confirmation as to whether personal data concerning you are being processed, and, where that is the case, to access to the personal data and the following information:
the purposes of processing;
the categories of personal data concerned;
the recipients or categories of recipient to whom the personal data have been or will be disclosed (in particular the data processors);
the envisaged period for which the personal data will be restored;
your rights in relation to the processing of your personal data;
where the personal data was not collected from you, any available information as to their source;
information regarding automated decision-making.
Under the applicable legislation we provide the information on the processing of your personal data free of charge. We respond to your request in writing within a month. However, if such request is manifestly unfounded or excessive, in particular because of its repetitive character, the Company may either, taking into account the administrative costs of providing the information or communication or taking the action requested:
charge a reasonable fee; or
refuse to act on the request.
If, after paying the fee, it turns out that the processing was unlawful, or upon your request we are obliged to correct your data, we will reimburse you the fees already charged.
If, despite our best efforts to protect your personal data, someone unlawfully gains access to, changes, transmits, publishes, erases, destroys or causes unintended erasure or injury to your personal data or otherwise processes them unlawfully, we, upon your request, will inform you about the conditions of such incident, including the date, the possible effects and our measures to prevent or to mitigate the consequences.
Right to rectification
If the data we process are not correct, we will rectify them upon your request without undue delay. You are also entitled have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure
The Company erases your personal data without delay, if:
the personal data are no longer necessary in relation to the purpose of sending the marketing newsletter;
the personal data have been unlawfully processed;
the personal data have to be erased for compliance with a legal obligation concerning the Company;
the person exercising parental authority over a children under 16 has not consented to the processing;
where the Company has made the personal data public.
You are also entitled to request the erasure of your personal data by withdrawing the consent you previously gave to us. However, in such case we may refuse to further provide you certain services and/or certain services will not be available to you hereinafter.
Instead of erasing, we block your personal data if you request so, or it can be assumed that erasure would have an impact on your legitimate interests. We do not process blocked data for the above purposes. We only process blocked data for the purpose that excluded the possibility of erasure.
Right to restriction of processing
Data processing may be restricted if:
you contest the accuracy of the personal data, for a period enabling the Company to verify the accuracy of the personal data;
the processing is unlawful and you oppose the erasure of the personal data and requests the restriction of their use instead;
the Company no longer needs your personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims;
you have objected to processing, pending the verification whether the legitimate grounds of the Company override yours.
For the duration of the evaluation of your objection, but not more than for 5 days the Company suspends the processing, assesses the merits of your objection and makes a decision, about which the Company informs you without delay.
If the objection is justified, the Company restricts your data, i.e. only restoring as a means of processing can be carried out as long as
you consent to the processing;
your data is necessary for enforcing your legal claims;
processing becomes necessary in order to the defend the rights of a natural or a legal person; or
processing is ordered by law in the public interest.
If you requested your personal data to be restricted, the Company will notify you prior to the lifting of the restriction.
What happens and what can you do if we reject your request?
If the Company rejects your request for the correction, restriction of erasure of your personal data, within 1 month of receiving your request we will inform you in writing why we could not comply with your request and we will inform you about your possibilities of judicial remedy and that you may submit a notice to the Nemzeti Adatvédelmi és Információszabadság Hatóság (the National Authority for Data Protection and Freedom of Information). If you agree, we will send our reply via e-mail.
What are your rights if you think the data processing is unlawful?
If you have some concerns regarding the lawfulness of the data processing, you have the right to object to it. Your objection should include a request for us to stop processing your data and to erase them.
If you object to the processing of your data, the Company will examine the reasons of your objection within one month and will make a decision, regarding which the Company notifies you in writing.
If we find your objection to be valid, we stop every data processing operation, block the data concerned and inform about the objection and the following measures taken everyone to whom we transmitted the personal data concerned by the objection. These recipients should also take the necessary actions for your objection to prevail. If you disagree with our decision or if the Company fails to comply with the above mentioned one month deadline, you may turn to the courts within 30 days either from the notification on the decision or from the last day of the deadline.
What are the legal remedies available to you?
If you find that during the processing of your data our Company breaches the provisions of the GDPR, it is your right as a data subject to lodge a complaint before a supervisory authority (i.e. before any public authority set up by any of the EU member states in accordance with section 51 of the GDPR), in particular in the member state of your habitual residence, place of work or place of the alleged infringement. In Hungary the supervisory authority set up in accordance with section 51 of the GDPR is the Nemzeti Adatvédelmi és Információszabadság Hatóság (Hungarian National Authority for Data Protection and Freedom of Information; “NAIH” or “the Authority”).
In accordance with the GDPR, a supervisory authority concerned means a supervisory authority which is concerned by the processing of personal data because:
the controller or processor is established on the territory of the Member State of that supervisory authority;
data subjects residing in the Member State of that supervisory authority are substantially affected or likely to be substantially affected by the processing; or
a complaint has been lodged with that supervisory authority.
In connection with the data processing carried out by the Company, under points a) and b) mentioned above, the supervisory authority concerned is NAIH, given that the Company is established in Hungary and the data subjects affected by the processing are predominantly residing in Hungary. Accordingly, in the sections below we inform you about complaint procedure of NAIH. However, please note that given the reasons mentioned above, you nevertheless have the right to lodge a complaint before any supervisory authority set up by one of the EU member states, not just before the Authority.
Notification to the Hungarian National Authority for Data Protection and Freedom of Information
Compliance with data protection legislation is supervised by the Hungarian National Authority for Data Protection and Freedom of Information. If you find that our data processing does not comply with the applicable law, or there is an imminent danger of non-compliance, you can lodge a complaint before the Authority through the following contacts:
Name of the authority: Nemzeti Adatvédelmi és Információszabadság Hatóság
Postal address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/C.
E-mail address: email@example.com
Phone number: +36 1 391 1400
Fax number: +36 1 391 1410
For further information regarding data protection go to the website of the Authority: http://naih.hu/
Please note that in the case of a personal data breach (i.e. a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed), the Company shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Authority. If the personal data breach is likely to result in a high risk to the rights and freedoms of data subjects, the Company shall communicate the personal data breach to you as a data subject without undue delay.
Judicial proceedings for pursuing claims
If you find that your right to privacy has been infringed by us, or our decision regarding your objection was incorrect or we did not reply to your objection, you have the right to turn to the courts. You may also decide to initiate the proceeding before the tribunal of your domicile or habitual residence.
Furthermore, in accordance with conditions laid down by law, if our unlawful data processing or breach of security requirements caused damages to you, you may enforce your claim for compensation against the Company before courts. In addition, if we violated your rights relating to personality, you shall be entitled to restitution, which is also enforceable before courts.
In this respect, we are responsible for our data processors.