PRIVACY POLICY
Sakia Ltd.
www.almalombcoffee.com
Effective date: January 15, 2023
This General Privacy Policy (hereinafter referred to as the "Policy") sets out the rights and obligations of Sakia Ltd. (hereinafter referred to as the "Service Provider") and the Client (hereinafter referred to as the "Client") using the electronic information platform provided by the Service Provider through the website https://almalombcoffee.com/ (hereinafter referred to as the "Website") (Service Provider and Client together hereinafter referred to as the "Parties"). The Policy applies to all legal transactions and services that take place through the Website https://almalombcoffee.com/.
THE WEBSITE OPERATOR
Company name: Sakia Ltd.
Address: H-7694, Hosszuheteny, Ormandi u. 19.
Representative: Asvanyi Rita
Tax number: 23055953-2-02
Company registration number: 02-09-076641
Phone number: +36 72 793 680
Website: https://almalombcoffee.com/
E-mail: shop@almalombcoffee.com
HOSTING PROVIDER DETAILS:
Company name: nazwa.pl sp. z o.o.
Registered office: ul. Pana Tadeusza 2 30-727 Krakow, Poland
Mailing address: ul. Pana Tadeusza 2 30-727 Krakow, Poland
Tax number: PL 675-140-29-20
Sakia Kft. (H-7694, Hosszuheteny, Ormandi u. 19., hereinafter referred to as the Data Controller) as the Data Controller, acknowledges the contents of this legal notice as binding upon it. It undertakes to ensure that any processing of data related to its activities complies with the requirements set out in this Policy and in the applicable national legislation and European Union acts.
• Sakia Ltd. is committed to protecting the personal data of its clients and partners, and attaches the utmost importance to respecting the right of its clients to information self-determination.
• Sakia Ltd. handles personal data confidentially and takes all security, technical and organisational measures to guarantee the security of the data.
• Sakia Ltd. describes its data management practices below.
1. INTRODUCTION
Sakia Ltd. (hereinafter referred to as the "Data Controller") takes great care to protect personal data, to comply with mandatory legal provisions and to ensure secure and fair processing of personal data.
Data of the Data Controller:
Company name: Sakia Kft.
Registered office: 19, Ormandi u. 19, H-7694, Hosszuheteny.
Representative: Asvanyi Rita
Tax number: 23055953-2-02
Company registration number: 02-09-076641
Phone number: +36 72 793 680
Website: https://almalombcoffee.com/
E-mail: shop@almalombcoffee.com
The Data Controller shall in all cases process the personal data provided to it in compliance with the applicable Hungarian and European legislation and ethical requirements, and shall in all cases take the technical and organizational measures necessary for the proper and secure processing of the data.
This policy is based on the following legislation in force:
• Act No. CXIX of 2003 on the processing of name and address data for the purposes of research and direct marketing
• Act CVIII of 2007 on electronic commerce and information society services
certain aspects of information society services
• Act XLVIII of 2006 on the basic conditions and certain restrictions on commercial advertising
• Act CXII of 2007 on the Right to Informational Self-Determination and Freedom of Information
• Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46
The Data Controller undertakes to unilaterally comply with this Policy and asks its customers to accept its provisions. The Data Controller reserves the right to change this Privacy Policy, in which case the amended Privacy Policy will be published publicly (https://almalombcoffee.com/privacy-policy).
2. INTERPRETATIVE PROVISIONS
IN OUR POLICY, THE FOLLOWING TERMS USED IN THIS PRIVACY POLICY SHALL HAVE THE FOLLOWING MEANINGS:
Personal data: any data that can be associated with a specific natural person (identified or identifiable) (hereinafter referred to as "data subject"), the inference that can be drawn from the data concerning the data subject. The personal data retains this quality during processing as long as its link with the data subject can be re-established. In particular, a person shall be regarded as identifiable where he or she can be identified, directly or indirectly, by reference to a name, an identification mark or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.
Consent: a voluntary and explicit indication of the data subject's wishes, based on appropriate information, by which he or she gives his or her unambiguous consent to the processing of personal data relating to him or her, whether in full or in part.
Objection: a declaration by the data subject objecting to the processing of his or her personal data and requesting the cessation of the processing or the erasure of the data processed.
Objection: a statement by the data subject objecting to the processing of his or her personal data and requesting the cessation of the processing or the deletion of the processed data.
Data Controller: the natural or legal person or unincorporated body which, alone or jointly with others, determines the purposes for which the data are processed, takes and implements decisions regarding the processing (including the means used) or has them implemented by the Data Processor.
Processing: any operation or set of operations which is performed upon the data, regardless of the procedure used, in particular collection, recording, recording, organisation, storage, alteration, use, consultation, disclosure, transmission, alignment or combination, blocking, erasure and destruction, as well as prevention of further use of the data, taking of photographs, sound or image recordings and the recording of physical characteristics which permit identification of a person.
Transmission: making data available to a specified third party.
Disclosure: making data available to any person.
Deletion: rendering data unrecognisable in such a way that it is no longer possible to retrieve it.
Data marking: the marking of data with an identification mark to distinguish it.
Data blocking: the marking of data with an identifier in order to limit its further processing permanently or for a limited period of time.
Destruction of data: the total physical destruction of the data medium containing the data.
Data processing: the performance of technical tasks related to data processing operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data.
Data processor: a natural or legal person or an unincorporated body which processes data on the basis of a contract, including a contract concluded pursuant to a legal provision.
Data file: the set of data processed in a register.
Third party: a natural or legal person or unincorporated body other than the data subject, the controller or the processor.
EEA State: any Member State of the European Union and any other State party to the Agreement on the European Economic Area, and any State whose nationals enjoy the same legal status as nationals of a State party to the Agreement on the European Economic Area under an international treaty concluded between the European Union and its Member States and a State not party to the Agreement on the European Economic Area.
Third country: any State which is not an EEA State.
Data Breach: unlawful processing or handling of personal data, in particular unauthorised access, alteration, disclosure, transmission, disclosure, erasure or destruction, accidental destruction or accidental damage.
3. TECHNICAL DATA
Sakia Ltd. selects and operates the IT tools used for the processing of personal data in the provision of the service in such a way that the processed data:
• accessible to those authorized to access it (availability);
• its authenticity and authentication are ensured (authenticity of processing);
• its integrity can be verified (data integrity);
• is protected against unauthorized access (data confidentiality).
Sakia Ltd. shall take appropriate measures to protect the data against unauthorized access, alteration, disclosure, disclosure, deletion, or destruction and against accidental destruction.
Sakia Ltd. shall ensure the security of data processing by technical, organizational, and organizational measures that provide a level of protection appropriate to the risks associated with data processing.
Sakia Ltd. maintains the confidentiality of the data processing:
• protect the information so that only those who are authorized have access to it;
• integrity: to protect the accuracy and completeness of the information and the method of processing;
• availability: it ensures that when the authorized user needs it, he has effective access to the information and the means to obtain it.
4. DATA PROCESSING PRINCIPLES
Personal data may only be processed if the data subject consents or if it is required by law or by a local government decree, based on a law and within the scope specified therein.
Personal data may be processed only for specified purposes, for the exercise of rights and for the performance of obligations. The processing must comply with this purpose at all stages.
Only personal data, which is necessary for the purpose of the processing, which is adequate for the purpose, to the extent and for the duration necessary for the purposes of the processing may be processed.
Personal data may be transferred, and the different processing operations may be combined where the data subject has given his or her consent or where the law permits it and where the conditions for processing are fulfilled for each individual personal data.
Personal data may be transferred from the country to a controller or processor in a third country, irrespective of the data medium or the means of transmission, if the data subject has given his or her explicit consent or if the law so permits and if the third country ensures an adequate level of protection for the personal data concerned in the processing of the data transferred.
In the case of mandatory processing, the purposes and conditions of processing, the scope and availability of the data to be processed, the duration of processing and the identity of the controller are determined by the law or municipal regulation imposing the processing.
A law may order the disclosure of personal data in the public interest, by expressly indicating the scope of the data. In all other cases, disclosure shall require the consent of the data subject, or, in the case of special categories of data, written consent. In case of doubt, it shall be presumed that the data subject has not given his or her consent.
The consent of the data subject shall be deemed to have been given in respect of the data communicated by him or her during his or her public activities or transmitted by him or her for the purpose of disclosure.
In proceedings initiated at the request of the data subject, his or her consent to the processing of his or her necessary data shall be presumed. This fact shall be brought to the attention of the data subject.
The data subject may also give his or her consent in the context of a written contract with the controller for the performance of the contract. In this case, the contract must contain all the information that the data subject needs to know for the purposes of the processing of personal data, in particular the specification of the data to be processed, the duration of the processing, the purposes of the processing, the transfer of the data, the use of a processor. The contract must state unambiguously that the data subject, by signing it, consents to the processing of his or her data as provided for in the contract.
The right to the protection of personal data and the privacy of the data subject shall not be prejudiced by other interests in the processing, including the disclosure of data of public interest, unless an exception is provided for by law.
5. BASIS OF PROCESSING
The processing of personal data by the Controller in the course of its activities is always based on law or voluntary consent. In some cases, in the absence of consent, processing is based on other legal bases or on Article 6 of the Regulation.
The Controller uses the assistance and services of the following Data Processors for its activities:
Company name: nazwa.pl sp. z o.o.
Registered office: ul. Pana Tadeusza 2 30-727 Krakow, Poland
Mailing address: ul. Pana Tadeusza 2 30-727 Krakow, Poland
Tax number: PL 675-140-29-20
6. WEBSITE VISITOR DATA
The Data Controller does not record the IP address or any other personal data of the user when visiting the websites operated by the Data Controller.
The html code of the websites operated by the Data Controller may contain independent links from and to external servers for web analytics purposes. The measurement also includes tracking of conversions. The web analytics provider does not process personal data, only browsing-related data that cannot be used to identify individuals. Currently, the web analytics services are provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, as part of the Google Analytics service.
The Data Controller may run so-called remarketing ads through the Facebook and Google AdWords advertising systems. These service providers may collect or receive data from the Controller's website and other internet sites through the use of cookies, web beacons and similar technologies. They use this data to provide measurement services or to target advertisements. Such targeted ads may appear on additional websites in the Facebook and Google partner network. Remarketing lists do not contain any personal data of the visitor and are not personally identifiable.
The use of cookies can be deleted from the user's own computer or can be prevented by default in the browser. These options vary depending on the browser but are typically available in the Settings / Privacy menu.
For more information on Google and Facebook's privacy policies, please see the contact details below: http://www.google.com/privacy.html and https://www.facebook.com/about/privacy/
7. NEWSLETTERS
If we contact you via HTML-formatted email messages, these may contain web beacons or similar technologies, such as clear GIFs or pixel tags. These are also known as clear GIF files. They provide feedback on whether the message has been received or opened and, if so, whether a link or other content has been clicked. These technologies usually place an image on a Web page or e-mail that is not visible to the naked eye and provide information such as the IP address of the computer used to view it, the URL or other identifier of the Web page or e-mail, the time of the view, the type of browser used to view it, and the identifier of any cookies previously placed on that device.
8. WHAT COOKIES WE USE
Cookies may be either "persistent" or "temporary" cookies. A persistent cookie is stored by the browser for a fixed period of time, provided that you do not delete it earlier, while a temporary cookie is automatically deleted when you close the browser.
Cookies, on the other hand, can be "own" or "third party" cookies. "Own" cookies are used by the Sakia Ltd. website, while third-party cookies (see for example cookies used by Google Analytics) are used by Sakia Ltd. but placed on the user's computer by service providers independent of Sakia Ltd.
The cookies used are divided into groups:
• Strictly necessary cookies
• Functionality and Performance cookies
• Cookies based on consent
We provide information about these and how they are used here: https://almalombcoffee.com/privacy-policy
9. SECURITY OF DATA PROCESSING
Company name: Magyar Telekom Tavkozlesi Nyilvanosan Mukodo Reszvenytarsasag
Public Telecoms Establishment Publicly Registered Company: 01-10-041928
Head office. 55.
Data transmission method: Internet
Company name: nazwa.pl sp. z o.o.
Registered office: ul. Pana Tadeusza 2 30-727 Krakow, Poland
Mailing address: ul. Pana Tadeusza 2 30-727 Krakow, Poland
Tax number: PL 675-140-29-20
The Data Controller shall protect the data against, in particular, unauthorized access, alteration, disclosure, disclosure, erasure or destruction, accidental destruction or accidental damage. The Data Controller, together with the server operators, shall ensure the security of the data by technical, organizational, and organizational measures that provide a level of protection appropriate to the risks associated with the processing.
10. RIGHTS OF DATA SUBJECTS
The data subject may request information about the processing of his or her personal data, as well as the rectification or, except for processing required by law, the erasure of his or her personal data, by using the link in the footer of the newsletters or by contacting any of the contact details of the Data Controller.
At the request of the data subject, the Data Controller shall provide information about the data processed by it, the purposes, legal basis and duration of the processing, the name, address (registered office) and activities of the data processor in relation to the processing, as well as the persons who receive or have received the data and the purposes for which the data are or were received. The controller shall provide the information in writing, in an intelligible form and free of charge, within the shortest possible time from the date of the request, but not later than 25 days. The Data Controller shall rectify any inaccurate personal data.
The Controller shall erase personal data if the processing is unlawful, if the data subject requests it, if it is incomplete or inaccurate and cannot be lawfully rectified, provided that erasure is not excluded by law, if the purpose of the processing has ceased to exist, if the statutory time limit for storing the data has expired or if the court or the Data Protection Commissioner has ordered it.
The rectification and erasure shall be notified to the data subject and to all those to whom the data were previously disclosed for processing. Notification may be omitted if this does not harm the legitimate interests of the data subject in relation to the purposes of the processing.
The data subject may object to the processing of his or her personal data if the processing (transfer) of the personal data is necessary solely for the purposes of the exercise of a right or legitimate interest pursued by the controller or the recipient, except where the processing is required by law, the use or transfer of the personal data is for direct marketing, public opinion polling or scientific research purposes, or the exercise of the right to object is otherwise permitted by law.
The Data Controller shall examine the objection within the shortest possible period of time from the date of the request, but not later than 15 days, and inform the applicant in writing of the outcome of the examination, with the simultaneous suspension of the processing. If the objection is justified, the controller shall be obliged to terminate the processing, including further recording and transmission, and to block the data, and to notify the objection or the action taken on the basis of the objection to all those to whom the personal data concerned by the objection have been previously disclosed and who are obliged to take measures to enforce the right to object.
The data subject may bring an action against the controller before the courts or the data protection authority in the event of a breach of his or her rights. You can exercise your rights of redress or lodge a complaint by contacting the following contact details:
Name: National Authority for Data Protection and Freedom of Information
Address. Phone: 06- 1-391-1400
Fax: 06-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
Website: naih.hu
11. USER DATA
You can check and request changes to your preferences and the data stored about you.
If you wish to do so, please contact us at shop@almalombcoffee.com.
23 January 2023.