Data Protection Policy
In which we inform you about the rules of data processing activity meeting the General Data Protection Regulation (EU) 2016/679 of the website
www.lapidaris.com (hereinafter: Website)
operated by the OLINFORM SYSTEM Kft. (4931 Tarpa, Esze Tamás Street, 24, company registration number: 15-09-082363, tax number: 25082795-2-15, represented by: András Simon and Máté Berencsi, e-mail address: firstname.lastname@example.org) hereinafter: Controller.
Our enterprise respect your essential rights concerning the protection of your personal data therefore in the following we inform you about the legal basis, purpose of the processing, time and way of storage of your personal data, the actions taken for the protection of the data as well as your opportunities to dispose of the use of the data.
The Data Protection Policy relates to the personal data processed within the framework of the Lapidaris system operated on the Website.
Within this regulation, User means: the natural person who visit our Website, independently of whether they use our service or not.
The service of the Controller operating the Website accessible through the Internet address given above is provided to Hungary and from Hungary. The Hungarian law will be authoritative for the Users during the use of the service.
The operator and developer of the Website is the Controller, while the provider of the web host is: BERE-NET Kft (Registered office: 4611 Jéke, Táncsics Street, 8, Company registration number: 15 09 078137, Tax number: 23486382-2-15, Telephone number: +36 30 451 96 72, E-mail address: email@example.com). The web host ensuring the storage of the data is operating in the territory of the European Union.
Our Data Protection Policy is accessible on the platform of the lapidaris.com website created for this purpose.
DATA PROCESSING ACTIVITIES
The data processing activities performed by Controller through the Website – including also the operation of the Lapidaris system sold through it – are bidirectional.
On the one part: Controller performs the processing of personal data necessary for the sale of the Lapidaris system, provision of the service, operation and maintenance of the Lapidaris system, including also the personal data processed within the framework of the client service.
On the other part: Resulting from the nature of the system, the person within whose scope of interest the data processing arises will be responsible for the data processing of the user purchasing the Lapidaris system and the persons/users using the commemoration function of the Website. Controller will be qualified as Processor in this regard.
Our data processing activity performed in accordance with the above will be described in the Data Protection Policy.
You will become concerned by data processing, when you send your order for purchasing the Lapidaris system.
The rules concerning the order and the purchase are included in the provisions of the General Contractual Terms (hereinafter: GCT).
We will process your data (name, e-mail address, telephone number, selected mode of payment, delivery data, invoicing data) given by you through the completion of the form serving for placing an order via the Website for the purpose of fulfilling the distance contract made during the sale of the product. The legal basis of the data processing will be the contract made between you and the Controller, the Service Provider of the product.
The source of the data is the order form/blank form completed by you as the data subject (person concerned).
Following the termination of the contract, we will process your data till the expiry of the general period of limitation.
We will not transfer or transmit your data provided for the purpose of ordering.
If you send your order through our independent commercial agents, the commercial agent will record the order on the Website in accordance with those included in the contract for data processing made between the Controller and the agent, and send to us the order form signed at the location of placing the order by mail. We will process the data given during the ordering on the “admin” platform of the Website and store the data in our web host provided by the service provider of the web host.
The commercial agent will send the paper based order by mail in 5 working days, while the digital form on the working day following the processing.
The supply of data through the Website is done by using encrypted protocol HTTPS.
We will deliver the Lapidaris system ordered through the Website in the way set forth in the GCT, for which we will transfer your name and delivery data (country, town/village, address) to the courier service performing the delivery.
You can ask for further information about our products and services through the contact details given in the menu “Contact”. We will store your name, e-mail address and other information given by you in your e-mail sent to the e-mail address firstname.lastname@example.org in our mailing system until the purpose of the data processing is achieved; after that we will cancel the data from our mailing system. Legal basis of the data processing: Point (b), Section 6 of GDPR. The data processing is necessary for fulfilling such a contract in which one of the parties is the person concerned, or which is necessary for taking the steps requested by the person concerned before the conclusion of the contract.
Your data provided within the framework of contacting will be processed exclusively by our colleagues performing the client service activity.
The purpose of creating a user account is to provide such service which serves for the comfort of the user of the Lapidaris system, since in this menu you can review the data given by the user performing the activation, furthermore, it is possible to edit the password and the details of the user account.
Circle of those concerned by the data processing: the user activating the Lapidaris system.
These data will be stored in the web host of the website until the purpose of the data processing is achieved or a request for cancelling the account is received.
The user can modify the data supplied in the user account for the fulfilment of the contract, or in case of a written request for it, the user can have modified them by the Controller.
In case of receiving a complaint, we will process the personal data of the person lodging it (name, address, e-mail address, subject of the complaint) for the purpose of handling it. During the handling of complaints, we will store your data provided during the complaint lodged in accordance with those included in the GCT electronically on our server in a separate file for 5 years in compliance with the regulations on consumer protection. The legal basis of the data processing is the fulfilment of our legal obligation prescribed by the law provision within the regulations on consumer protection.
Under the title of fulfilling a legal obligation, we will process the data defined in the law of natural persons who establish business relationship with us as customers in order that we can fulfil our tax and accountancy obligation. On the basis of §169 and §202 of Act CXXVII of 2017 on the value added tax, the processed data are especially: name, address. The period of storage of the personal data is 8 years from the termination of the legal relationship giving the legal basis for it. The personal data can be found in the invoice issued to you, which data will be transferred to the enterprise performing the tax and accountancy service for our company. Your data stored in the invoicing program “szamlazz.hu” will be transmitted exclusively to the National Tax and Customs Office.
We will ensure security of your data by password protection of the computers used by us as well as the technical and organisational measures guaranteed by the web hosting service provider performing the data storage.
As regards editing, uploading with content of data sheet of the deceased, placement of commemoration, the controller will be the customer or the user vested with administrator rights by customer, with regard to that personal data are shared publicly and used at home. As regards the contents shared by the visitors of the Website, the user(s) controlling the data sheet of the deceased in the Lapidaris system have the right of cancellation.
Although the scope of GDPR does not cover processing of data of deceased persons, by using the Lapidaris system the Customer controlling the data sheet of the deceased will dispose of the content of the page, the contents, remarks shared by the users.
The Controller acting as Processor – on the basis of its operating/functioning activity as the operator of the Website – will be entitled to process the personal data, message, contents shared publicly by the Users, in order to take the measures necessary for fault removal in case an operational/functioning fault arises.
For the purpose of the provision of service, Controller may process the personal data which are technically essential for providing the service.
With other conditions being the same, Controller will select and operate the tools applied during the provision of service in each case in such a way that processing of personal data happens only if it is absolutely necessary for the provision of the service and achievement of other purposes defined in the law, however, in such a case also to the necessary extent and for the necessary period of time.
Therefore the browsing data of the Website are placed on your Internet compatible device (computer, tablet, laptop, telephone) in the form of cookies.
We keep them usually till the end of the browsing, except for the cookie which is placed for it to remember the cookie handling approved by you. The storage time of this information is 30 days.
The Google Analytics system, a cookie placed by a third party, measures the number of visits to the Website; however, processing of personal data does not happen in relation to data placed by a third party, either. During the analysis of the data, the person of the visitor stays unknown. The storage time of cookies lasts in this case till the end of the browsing of the website.
The Website uses the remarketing follower codes of Google Adwords. Remarketing is a function, by which relevant advertisement can be displayed for the users who earlier already visited the Website, while they are browsing other websites of the Google Display Network. The users visiting the Website can disable these cookies; in this case the Website will not appear for them while browsing other websites.
IF YOU DO NOT SUPPORT THE OPERATION OF COOKIES
Internet Explorer: visit the page https://support.microsoft.com, and enter “cookies” in the search.
Safari: visit the page https://support.apple.com/hu-hu, and enter “cookies” in the search.
The user/visitor acknowledges that by refusing cookies certain functions of the Website will be accessible only partially, or will not be accessible at all.
In accordance with the provisions of the general data protection regulation of the European Union, prior the start of the data processing you are entitled to receive free information about the facts concerning the data processing which we ensure by making the Data Protection Policy available for you.
In order to exercise your rights to the protection of your personal data, you can contact us at the e-mail address email@example.com.
You are entitled to ask for information about the data processed about you, the purpose and legal basis of the data processing, the data processors and the data protection incidents concerning your data. The request for information is free in the current year; otherwise we will charge a cost of HUF 1,000. The fulfilment of request in case of unlawful data processing or for correction will be free of charge.
You can ask to correct, cancel your personal data or restrict their processing, and you are entitled to ask possibility of data carrying. In addition, you can object to the processing of your data, and you are entitled to turn to the supervisory authority in case of a complaint.
We will not assume any responsibility for the trueness of the personal data given by you; however, if you notify us of the change of your personal data, we will keep them accurate and up to date.
You have the possibility to know this data protection policy at any time prior to and during the supply of the data and also subsequently, which will be displayed through a separate link on the Website.
Prior to sending the blank forms, you have to declare your consent to the processing of your personal data; furthermore, you have to declare that you accept the content of the data protection policy.
Beyond the data processors described above in the purposes of data processing, we will not issue, sell and make available the data stored about you to another company or private person, or a third person under any circumstances. Any difference from it may happen only in the cases prescribed by the law.
If you ask for cancellation of your personal data, or express your objection, we will inspect your request and if we are not obliged to block or keep your data for another reason defined in a law provision, we will fulfil your request in15 working days without any condition, free of charge and inform you about this in writing.
During our data processing activity, we will provide for the compliance with the data privacy and secrecy obligation concerning us. Our website communication is done through an encrypted channel.
The computers used for data processing are protected with user name and password and we ensure their physical protection by means of other security equipment as well.
The data kept by the data processor are stored on a server of safe operation protected with firewall and by means of software programs furnished with suitable virus protection.
We protect the data with proper measures against unauthorised access, change, transmission, disclosure, cancellation or destruction as well as accidental destruction and damage and becoming inaccessible as a result of the technology applied.
We have suitable incident management plan if a possible data protection incident occurred.
We protect our sites and data bases against crack and spam sending by robots by entering a security code placed in the blank forms (so-called reCaptcha). Through the captcha, identification of persons cannot be performed.
If you have any remark, recommendation, need further information or any problem arises, you can contact us at the contacts indicated on the Website. Please send the declaration on the personal data to the e-mail address firstname.lastname@example.org. We will reply to your letter in 30 days.
In case of a complaint, you are entitled to turn to the National Authority for Data Protection and Freedom of Information (NAIH), as supervisory authority or, to the court.
Nemzeti Adatvédelmi és Információszabadság Hatóság
(National Authority for Data Protection and Freedom of Information (NAIH)
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Mailing address: 1530 Budapest, Pf.: 5.
Telephone: +36 1 391 1400
Fax: +36 1 391 1410
Our currently effective data protection policy is accessible for everybody on the Website.
Our company reserves the right to modify the content of the data protection policy unilaterally. In case of a change, we will notify our Visitors; however, it will not affect the legality of our earlier data processing.
This data protection policy is effective from 10th January 2019.
RELEVAN LAW PROVISIONS, REGULATIONS
DEFINITIONS USED IN THE POLICY
Data subject: any specific natural person identified or directly or indirectly identifiable on the basis of personal data.
Consent of data subject: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
Personal data: any information relating to the data subject - in particular name, address, telephone number or information on one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person –, as well as the conclusion which can be drawn from the data for the data subject.
Controller: the natural or legal person, or organisation not having legal personality, which, alone or jointly with others, determines the purposes of the processing of data, makes and carries out the decisions on the data processing (including the tools used) or makes carried out by the processor. In our case the Service Provider is qualified as Controller.
Data processing: any operation or set of operations which is performed on the data made available by the data subject to Service Provider, so in particular collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, as well as prevention of further use of the data.
Data protection incident: unlawful handling or processing of personal data, so in particular unauthorised access, modification, transmission, disclosure, cancellation or destruction, as well as accidental destruction or damage.
Third party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Data security: set of organisational, technical solutions and procedural rules against the unlawful processing, so in particular acquisition, processing, alteration and destruction of personal data; such condition of data processing in which the risk factors – and thereby the level of being threatened - are reduced to the lowest degree by means of the organisational and technical solutions and measures.
Legal basis for data processing: as a main rule, the consent of the data subject or the obligatory data processing ordered by the law (e.g. fulfilment of contract, legal obligation, etc.).
The definitions can be seen at the website of NAIH.