The data management practice of the data controller is regulated by EU Regulation 2016/679 (GDPR) and Act CXII of 2011 on the right to informational self-determination and freedom of information. (hereinafter: Info Act.), the legal basis of data processing is section §6(1) and §5(1)(a) of these laws, the voluntary consent of the person interested in or registering on the website.
Terms used in the PP under the Info Act:
A natural or legal person or an organization with no legal personality, which alone or jointly with others determines the purpose and means of data processing, makes and implements decisions on data processing (including the means used) or make decisions executed by the data controller;
Any determined, identified on the basis of personal data or - directly or indirectly – identifiable natural person;
Data related to the data subject, in particular the data subject's name, identification code and knowledge of one or more physical, physiological, mental, economic, cultural or social identities, as well as the conclusion may be drawn from the data concerning the data subject;
A voluntary and firm declaration of the data subject's intention, based on adequate information, giving his or her unambiguous consent to the processing - in whole or in part - of his/her personal data;
Right of objection
According to EU regulation 2016/679 and Section 4(1) of the Info Act, the personal data of the data subject may only be processed for a specific purpose, in order to exercise a right and fulfill an obligation.
According to the law, only such personal data of the data subject may be processed, which is essential for the realization of the purpose of data processing and is suitable for achieving the purpose. The personal data of the data subject may be processed only to the extent to achieve the purpose and for the time necessary.
The data controller acts in accordance with the data security requirements of the law.
The use of your personal data is based, inter alia, on the following legal bases:
- the data required to complete the order or the steps required prior to the order, legal basis: Article 6(1)(a) and (b) of the GDPR
- registration required for the order, Article 6(1)(a) and (b) of the GDPR
- issue of an invoice in accordance with accounting legislation; legal basis: Article 6(1)(c) of the GDPR
- contact - legal basis: Article 6(1)(f) of the GDPR. The legitimate interest of the data controller: business continuity.
- processing of data of contractual partners - legal basis: Article 6(1)(b) of the GDPR
- marketing activity - legal basis: Article 6 (1) (a) GDPR. e.g. visiting a website without making a purchase
- for the purpose of marketing activities, a Facebook page is also operated, however, an independent database is not created or profiled.
- legal basis for online registration: Article 6(1)(a) of the GDPR
The purpose of data management is to conclude and fulfill the contract for the service on the website www.navita.hu, such as registration for the order, processing of the order, fulfillment with delivery, subscription to services, acquainting the interested parties with the services, contact with data subjects, furthermore the performance of related administrative tasks, as well as possible warranty administration and complaint handling.
Based on the voluntary consent, data subject provides the following data for the purpose of first contact, registration, communication:
- home address
- E-mail address
- phone number
The data subject gives his/her voluntary consent at the data controller to the processing of the data regarding the data mentioned above, personally by using the website. The consent also covers operations of data collection, entry, recording, organization, storage, use, deletion and destruction.
By providing E-mail address, the data subject consents to sending information about and prospectus of services provided by the data controller.
The data controller shall take all necessary security, organizational and technical measures to ensure the highest level of security of the personal data processed by data controller and to prevent their unauthorized alteration, destruction and use.
If the data controller is about to carry out further data processing, he/she shall provide preliminary information on the essential circumstances of the data management (legal background and legal basis of data management, purpose of data management, scope of processed data, duration of data management).
Due to legislative provisions - Article 7(1) of the GDPR. - the consent must be able to be verified later, therefore the data will be stored for the limitation period following the cessation of data processing.
During registration, ordering, subscribing to the newsletter, the IT system stores the IT data related to the consent for later proof.
The duration of data management lasts from the time of data registration to the deletion of the data by the data controller (see Data Access>).
Invoices are kept for at least eight years due to legal obligation. The retention period of the documents on which the invoice is based is eight years.
The retention period of the data provided for the purpose of contact is maximum one year after the contact is established.
Retention period of data related to contract fulfillment: five years.
In relation to personal data, the data subject has the rights specified by law.
- right of access (cognition of data, fact whether data are being processed);
- in case of out-of-date or incorrect data, its correction;
- deletion (only in the case of consent-based data management);
- restrictions on data processing;
- prohibiting the use of personal data for direct marketing purposes;
- transfer of personal data to a third-party service provider, or its prohibition;
- request a copy of any personal data processed by the data controller; or
- objection to the use of personal data.
The data subject may submit his/her requests in writing, by registered mail to the official address of the data controller or by electronic way. At the request of the data subject, the data controller shall delete his/her data without undue delay if the data subject withdraws the consent on which the data processing is based. Data controller shall send answers without delay, but within 30 days to the address or E-mail address provided by data subject.
We are to inform you that the data controller is obliged to comply with the written data requests of the authorities based on legal authorization. The data controller is obliged to keep records of data-transfer based on §15(2)-(3) of the Info Act (to which authority, what personal data, on what legal basis, when was transmitted by the data controller), the content of which the data controller provides information on request, unless its disclosure is excluded by law.
The legal provisions concerning the procedure related to the possible infringement of the data subject and the obligations of the data controller are set out in Act No. 2016/679. EU regulation and Info Act.
In case of data protection incident (unlawful handling or use of personal data) the data controller is obliged to report the events no later than within 72 hours of becoming aware of the data protection incident.
In the case of a breach of the processing of personal data, the data subject may lodge a complaint with the National Data Protection and Freedom of Information Authority in accordance with the provisions of the law (Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C. Website: https://naih.hu/, E-mail: email@example.com, postal address: 1530 Budapest, Pf: 5)
Judicial process: data protection litigation falls within the jurisdiction of the tribunal. The action may, at the option of the person concerned, also be brought before the court of the place where the person concerned stays or is resident.
Website operator, hosting provider
The www.navita.hu website is operated by Navita Pharma Kft. (Registered office: 1056 Budapest, Belgrád rakpart 10. fszt.1, CoRegNo: 01-09-337436 E-mail: firstname.lastname@example.org, phone number: +36 (70) 547-5096). The personal data provided by the data subjects will not be transferred by the data controller and operator to third-parties. The data controller does not use a data processor.
Navita Pharma Kft. (Registered office: 1056 Budapest, Belgrád rakpart 10. fszt.1) informs the visitors of the website that it qualifies as a data controller as the operator of the website and as a data controller handles only the personal data provided by the data subjects, and treats all data, facts and information related to data subjects confidentially.
You can send your comments to the E-mail address email@example.com.
Retrieval of personal information
(Authenticity is checked for security reasons!)