Privacy Policy - Royal Tokaji

Privacy Policy pursuant to the General Data Protection Regulation 2016/679 of the European Union (hereinafter: The GDPR Regulation)

Date of adoption: 20/09/2021

Data controller

Name: ROYAL TOKAJI BORÁSZATI ZÁRTKÖRŰEN MŰKÖDŐ RÉSZVÉNYTÁRSASÁG

Headquarters: 3909 Mád, Rákóczi utca 35.

Mailing address, complaint handling: 3909 Mád, Rákóczi utca 35.

E-mail: [email protected]

Phone number: +36 47 548 500

Website: https://royal-tokaji.com/

Hosting provider

Name: Forpsi Hungary – BlazeArts Kft.

Mailing address: 6090 Kunszentmiklós, Damjanich János u. 36.

E-mail address: [email protected]

Telephone number: (06 1) 610 5506

Description of the data management performed during the operation of the website

Information on the use of cookies – What is a cookie?

The Data Controller uses so-called cookies when visiting the website. The information package consists of cookie letters and numbers that our website sends to your browser in order to save certain of your settings, facilitate the use of our website and contribute to the collection of some relevant, statistical information about our visitors.

Some cookies do not contain personal information and are not suitable for identifying an individual user, but some contain a unique identifier – a secret, randomly generated sequence of numbers – that your device stores, thus ensuring your identity. The period of operation of each cookie is described in the relevant description of each cookie.

Legal background and legal basis of cookies:

The legal basis for data processing under Article 6 (1) (a) of the the GDPR Regulation is your consent.

The main features of the cookies used by the website are:

Google Adwords cookie: When someone visits our site, the visitor’s cookie ID is added to the remarketing list. Google uses cookies, such as NID and SID cookies, to personalize ads on Google products such as Google Search. For example, you use such cookies to remember your recent searches, past interactions with individual advertisers ‘ads or search results, and visits to advertisers’ websites. AdWords Conversion Tracking uses cookies. It tracks cookies on a user’s computer to track sales and other conversions that result from an ad when that person clicks on an ad. Here are some common ways to use cookies: selecting ads based on what’s relevant to that user, improving campaign performance reports, and avoiding ads that the user has already viewed.

Google Analytics cookie: Google Analytics is Google’s analytics tool that helps website and application owners gain a more accurate picture of their visitors’ activities. The Service may use cookies to collect information and report statistics about website usage without personally identifying visitors to Google. The main cookie used by Google Analytics is the “__ga” cookie. In addition to reporting from site usage statistics, Google Analytics, along with some of the advertising cookies described above, can also be used to show more relevant ads on Google products (such as Google Search) and across the web.

Remarketing cookies: For past visitors or users to appear when browsing other sites on the Google Display Network or searching for terms related to their products or services

Cookies strictly necessary for operation: These cookies are essential for the use of the website and allow you to use the basic functions of the website. Without these, many features of the site will not be available to you. The lifespan of these types of cookies is limited to the duration of the session only.

Cookies to improve the user experience: These cookies collect information about the user’s use of the website, such as which pages you visit most often or what error message you receive from the website. These cookies do not collect information that identifies the visitor, i.e. they work with completely general, anonymous information. The data obtained from these is used to improve the performance of the website. The lifespan of these types of cookies is limited to the duration of the session only.

Session cookie: These cookies store the visitor’s location, browser language, payment currency, lifetime when the browser is closed, or up to 2 hours.

Age-restricted content cookie: These cookies confirm the fact that the age-restricted content has been approved and that the person concerned is over 18 years of age and will last until the browser is closed.

Referer cookies: Record what external page the visitor came to the site from. Their lifespan lasts until the browser is closed.

Last viewed product cookie: Records the products you last viewed as a visitor. Their lifespan is 60 days.

Mobile version, design cookie: Detects the device used by the visitor and switches to full view on mobile. Shelf life 365 days.

Cookie acceptance cookie: When you arrive at the site, you accept the statement about the storage of cookies in the warning window. Shelf life 365 days.

Smart Bid Cookie: Record the conditions for displaying smart bids (e.g., whether the visitor has already been to the site or has an order). Shelf life is 30 days.

Employee_login_last_email: When logging in, the email address is stored until the browser is closed.

Ealrm, ealem, ealpw: Provides permanent access. Shelf life 180 days.

If you do not accept the use of cookies, certain features will not be available to you. You can find more information about deleting cookies at the following links:

Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
Mozilla: https://support.mozilla.org/en/kb/websites-sub-placed-sutik-torlese-szamito
Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Chrome: https://support.google.com/chrome/answer/95647
Edge: https://support.microsoft.com/en-us/help/4027947/microsoft-edge-delete-cookies

Data processed for contracting and performance purposes

Several data management cases may be implemented for the conclusion and performance of the contract. We would like to inform you that data processing related to complaint handling and warranty administration will only take place if you exercise any of these rights.

If you are only a visitor to the website, then what is written in the data management for marketing purposes may apply to you, if you give us consent for marketing purposes.

Data management for the conclusion and performance of contracts in more detail:

Contact

For example, if you contact us by email, contact form, or phone with a question about a product. Pre-contact is not obligatory.

Managed data

The information you provided during the contact.

Duration of data management

The data will only be processed until the contact is completed.

Legal basis for data management

Your voluntary consent, which you provide to the Data Controller by contacting us. [Data processing pursuant to Article 6 (1) (a) of the GDPR Regulation]

Registration on the website

By storing the data provided during registration, the Data Controller can provide a more convenient service (eg the data of the data subject does not have to be entered again when making another purchase). Registration is not a condition for concluding a contract.

Managed data

During data management, the Data Controller manages your name, address, telephone number, e-mail address, the characteristics of the purchased product and the date of purchase.

Duration of data management

Until the withdrawal of your consent.

Legal basis for data management

Your voluntary consent to the Data Controller upon registration [Data processing under Article 6 (1) (a) of the GDPR Regulation]

Data processed in relation to the verifiability of consent

During registration, ordering and subscribing to the newsletter, the IT system stores the IT data related to the consent for later proof.

Managed data

Date of consent and IP address of the person concerned.

Duration of data management

Due to legal requirements, the consent must be able to be verified later, therefore the duration of the data storage will be stored for the limitation period after the termination of the data processing.

Legal basis for data management

Article 7 (1) of the the GDPR Regulation provides for this obligation. [Data processing pursuant to Article 6 (1) (c) of the the GDPR Regulation] Google Analitycs info: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=en

Legal basis for data management

Your voluntary consent to the Data Controller using the website [Data processing pursuant to Article 6 (1) (a) of the the GDPR Regulation].

Additional data management

If the Data Controller wishes to perform further data management, it shall provide preliminary information on the essential circumstances of the data management (legal background and legal basis of data management, purpose of data management, scope of data processed, duration of data management).

We would like to inform you that the Data Controller must comply with the written data requests of the authorities based on legal authorization. The Data Controller informs about the data transfers in the Infotv. In accordance with Section 15, Paragraphs (2) – (3), it keeps records (to which authority, what personal data, on what legal basis, when was transmitted by the Data Controller), the content of which the Data Controller provides on request, unless its disclosure is excluded by law.

Recipients of personal data: ROYAL TOKAJI BORÁSZATI ZÁRTKÖRŰEN MŰKÖDŐ RÉSZVÉNYTÁRSASÁG

Data processing for the storage of personal data

Name of the data processor: ROYAL TOKAJI BORÁSZATI ZÁRTKÖRŰEN MŰKÖDŐ RÉSZVÉNYTÁRSASÁG

Contact details of the data processor

Phone number: +36 47/548-500

E-mail address: [email protected]

Headquarters: 3909 Mád, Rákóczi utca 35.

Website: www.royal-tokaji.com

The Data Processor stores personal data on the basis of a contract concluded with the Data Controller. You are not entitled to access personal data.

Data processing activities related to the sending of newsletters

Name of the company operating the newsletter sending system: ROYAL TOKAJI BORÁSZATI ZÁRTKÖRŰEN MŰKÖDŐ RÉSZVÉNYTÁRSASÁG

Headquarters of the company operating the newsletter sending system: 3909 Mád, Rákóczi utca 35.

Phone number of the company operating the newsletter sending system: +36-47/548-500

E-mail address of the company operating the newsletter sending system: [email protected]

Website of the company operating the newsletter sending system: www.royal-tokaji.hu

The Data Processor participates in the sending of newsletters on the basis of a contract concluded with the Data Controller. In doing so, the Data Processor manages the name and e-mail address of the data subject to the extent necessary for sending the newsletter.

Your rights during data management

Within the period of data processing, you have the following rights in accordance with the provisions of the Decree:

the right to withdraw consent
access to personal data and information related to data management
the right to rectification
data management restrictions,
right of cancellation
the right to protest
the right to portability.

If you wish to exercise your rights, this will involve your identification and the Data Controller must communicate with you. Therefore, you will be required to provide personal information for identification purposes (but identification may only be based on data that the Data Controller handles about you anyway) and your data management complaints will be available in the Data Controller’s email account within the timeframe specified in this information. If you have been our customer and would like to identify yourself for complaint or warranty purposes, please also provide your order ID for identification. Using this, we can also identify you as a customer.

Complaints related to data management will be answered by the Data Controller within 30 days at the latest.

Right to withdraw consent

You have the right to withdraw your consent to data management at Rectification, erasure or restriction of the processing of personal data concerning you and, in the case of processing of data based on a legitimate interest, you may object to the processing of such personal data;

o the right to lodge a complaint with the supervisory authority;

o if the data was not collected from you, all available information about their source;

o the fact of automated decision-making (if such a procedure has been used), including profiling, and at least in these cases, understandable information about the logic used and the significance of such data processing and the expected consequences for you.

The purpose of exercising the right may be to establish and verify the lawfulness of the data processing, therefore in case of repeated requests for information, the Data Controller may charge a fair fee for the provision of the information.

Access to personal data is ensured by the Data Controller by sending you the processed personal data and information by e-mail after your identification. If you have a registration, we will provide access so that you can view and verify the personal information we manage about you by logging into your user account.

Please indicate in your request whether you are requesting access to personal data or requesting data management information.

Access to personal data

You have the right to receive feedback from the Data Controller as to whether your personal data is being processed and, if data is being processed, you are entitled to:

have access to the personal data processed and
inform the Data Controller of the following information:

o the purposes of data management;

o the categories of personal data processed about you;

o information on the recipients or categories of recipients with whom or with whom the Data Controller has communicated or will communicate personal data;

o the intended period of storage of the personal data or, if that is not possible, the criteria for determining that period;

o your right to request the Data Controller to rectify, delete or restrict the processing of personal data concerning you and to object to the processing of such personal data in the event of data processing based on a legitimate interest;

o the right to lodge a complaint with the supervisory authority;

o if the data was not collected from you, all available information about their source;

Please indicate in your request whether you are requesting access to personal data or requesting data management information.

Right to rectification

You have the right, at the request of the Data Controller, to correct inaccurate personal data concerning you without delay.

Right to rectification

You have the right, at the request of the Data Controller, to correct inaccurate personal data concerning you without delay.

Right to restrict data management

You have the right, at the request of the Data Controller, to restrict the data processing if one of the following is met:

You dispute the accuracy of the personal data, in which case the restriction applies to the period of time that allows the Data Controller to check the accuracy of the personal data, if the exact data can be established immediately, the restriction will not take place;
the processing is unlawful, but you object to the deletion of the data for any reason (for example, because the data is important to you in order to enforce a legal claim), so you do not request the deletion of the data, but instead request a restriction on its use;
the Data Controller no longer needs the personal data for the purpose of the designated data processing, but you request it in order to submit, enforce or protect legal claims; obsession
You have objected to the data processing, but the data controller’s legitimate interest may also justify the data processing, in which case the data processing must be limited until it is determined whether the Data Controller’s legitimate reasons take precedence over your legitimate reasons.

Where processing is restricted, such personal data may be processed, with the exception of storage, only with the consent of the data subject or for the purpose of bringing, enforcing or protecting legal claims or protecting the rights of another natural or legal person or in the important public interest of the Union or a Member State.

The data controller will inform you in advance (at least 3 working days before the lifting of the restriction) about the lifting of the data management restriction.

Right to delete – right to forget

You have the right to have personal data about you deleted by the Data Controller without undue delay if any of the following reasons exist:

personal data is no longer required for the purpose for which they were collected or otherwise processed by the Data Controller;
You withdraw your consent and there is no other legal basis for the processing;
You object to the processing based on a legitimate interest and there is no overriding legitimate reason (ie a legitimate interest) in the processing,
the Personal Data was processed unlawfully by the Data Controller and this was established on the basis of the complaint,
personal data must be deleted in order to fulfill a legal obligation under EU or Member State law applicable to the Data Controller.

If, for any lawful reason, the Data Controller has disclosed personal data processed about you and is obliged to delete it for any of the reasons set out above, it shall take reasonable steps, including technical measures, to inform the data, taking into account available technology and implementation costs. other data controllers that you have requested the deletion of the links to the personal data in question or of a copy or duplicate of this personal data.

Deletion does not apply if data processing is required:

to exercise the right to freedom of expression and information;
fulfillment of an obligation under EU or Member State law to process personal data (such as billing, as the retention of an account is required by law) or in the public interest or in the exercise of a public authority conferred on the controller;
to submit, enforce or protect legal claims (eg if you are the Data Controller has a claim and has not yet fulfilled it, or a consumer or data management complaint is being processed).

Right to protest

You have the right to object at any time, for reasons related to your situation, to the processing of your personal data on the basis of a legitimate interest. In this case, the Data Controller may not further process the personal data, unless it proves that the data processing is justified by compelling legitimate reasons which take precedence over your interests, rights and freedoms, or which are related to the submission, enforcement or protection of legal claims. If personal data is processed for the purpose of direct business acquisition, you have the right to object at any time to the processing of personal data concerning you for this purpose, including profiling, insofar as it relates to direct business acquisition. If you object to the processing of personal data for the purpose of direct business acquisition, the personal data may no longer be processed for this purpose.

Right to portability

If the data processing is carried out automatically or if the data processing is based on your voluntary consent, you have the right to ask the Data Controller to receive the data provided by you to the Data Controller, which the Data Controller provides to you in xml, JSON or csv format. if this is technically feasible, it may request that the Data Controller transfer the data in this form to another data controller.

Automated decision making

You have the right not to be covered by a decision (including profiling) based solely on automated data processing that would have legal effect on you or affect you to a similar extent. In such cases, the Data Controller shall take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including at least the right of the data subject to request human intervention, to express his or her views and to object to the decision.

The above does not apply if the decision:

is necessary for the conclusion or performance of a contract between you and the data controller;
is governed by EU or Member State law applicable to the controller, which also lays down appropriate measures to protect your rights and freedoms and legitimate interests; obsession
is based on your express consent.

Data security measures

The Data Controller declares that it has taken appropriate security measures to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage, and becoming inaccessible due to changes in the technology used.

The Data Controller will make every effort to ensure that its data controllers also take appropriate data security measures when working with your personal data.

Remedies

If you consider that the Data Controller has violated any legal provision on data processing or has not complied with any of its requests, the National Data Protection and Freedom of Information Authority may initiate an investigation procedure to terminate the alleged unlawful data processing (mailing address: 1363 Budapest, Pf. 9., e-mail: [email protected]).

Modification of data management information

The Data Controller reserves the right to amend this data management information in a manner that does not affect the purpose and legal basis of the data management. By using the website after the change takes effect, you accept the amended data management information.

If the Data Controller wishes to perform further data processing in connection with the collected data for a purpose other than the purpose of their collection, it shall inform you about the purpose of the data processing and the following information prior to the further data processing:

the duration of the storage of personal data or, if this is not possible, the criteria for determining the duration;
the right to request the Data Controller to access, rectify, delete or restrict the processing of personal data concerning you, and to object n whether it is based on a contractual obligation or a precondition for concluding a contract, and whether you are obliged to provide personal data and what the possible consequences of non-disclosure may be;
the fact of automated decision-making (if such a procedure has been used), including profiling, and at least in these cases, understandable information about the logic used and the significance of such data processing and the expected consequences for you.

The data processing can only start after that, if the legal basis of the data processing is consent, in addition to the information, you must also consent to the data processing.

This document contains all relevant data management information related to the operation of the website in accordance with the General Data Protection Regulation 2016/679 of the European Union and the 2011 CXII. TV.

Dated: Mád, 2021.09.20