Privacy Policy
Introduction
It is important for us to protect the data of our customers and to comply with the currently valid data protection rules and laws, so we present in detail the website https://beyondbyst.com/ and Beyond Fitness Kft. (Registered office: 1097 Budapest, Könyves Kálmán körút 12-14 188. store, company registration number: 01 09 208458) steps of the company aimed at data protection and data management, processes related to data collection. The data is managed by Beyond Fitness Kft. (Hereinafter: Service Provider, Data Manager), and this company is responsible for the handling of personal data.
Contact information:
Full name: BEYOND FITNESS Korlátolt Felelősségű Társaság
Address of the Data Manager: 1097 Budapest, Könyves Kálmán körút 12-14. fszt.
Contact details of the Data Manager:
Phone: 06707475535
Email: beyond.fitnessclothing@gmail.com
The Data Manager protects the personal data of registered users managed in the web store in all expected ways. This privacy statement is available at all times via the following website: https://beyondbyst.com/
Amendments to the prospectus will take effect upon publication at the above address.
Data management related to registration on the website
Legal basis for data management: The data management is based on the consent of the data subject and on the following legal act: Act CVIII of 2001 on certain issues of electronic commerce services and information society services. Act (hereinafter: Elker Act) 13/A. § (3).
Stakeholders: All Users registered on the webshop website operated by the Service Provider.
Scope of data managed: Password provided by the customer, contact name and surname, e-mail address, telephone number, delivery address and name, billing name and address (in case of legal entity: company name, tax number, payment method, comment), date of registration, IP address at registration.
Stakeholders: All Users who registered on the Website.
Purpose of data management: Full use of the website operated by the Service Provider, e.g. creation of a contract for the provision of a service, purchase, determination of its content, modification, monitoring of its fulfillment, invoicing of the fees arising therefrom, and enforcement of related claims. With the special consent of the User, the Service Provider may handle the personal data of the Users specified above for the purpose of forwarding a newsletter or other direct marketing item.
Duration of data management, deadline for deleting data: By canceling the registration immediately or at the request of the data subject at any time. At the same time, the Service Provider informs the users that if the consent is revoked, it cannot ensure the use of the website, so it also qualifies as the cancellation of the registration. At the same time, the Service Provider informs the users that in the case of accounting documents, the accounting documents must be kept for 8 years pursuant to Section 169 (2) of Act C of 2000 on Accounting, which also qualifies as the mandatory retention period of the data contained therein. In addition to the above, the Service Provider shall retain the data specified above for as long as they are required by the legislation in force at any given time.
Identity of potential data controllers entitled to access the data:: Personal data may be handled by the employees of the Data Manager or, in the case of a separate written data processing contract, by subcontractors used by the Data Manager, in compliance with the data protection legislation in force at any time.
Description of data subjects rights in relation to data processing: The following information can be changed on the websites: Password, contact name, e-mail address, telephone number, shipping address and name, billing name and address, company name, tax number, payment method, note.
The deletion or modification of personal data can be initiated by the data subject in the following ways:
- by post at 1097 Budapest, Könyves Kálmán körút 12-14. fszt. 188. store address,
- by e-mail to beyond.fitnessclothing@gmail.com,
Other principles related to the operation of the webshop, followed by the Service Provider on the basis of the relevant legal regulations (non-exclusive listing):
- The Service Provider may handle the personal data that are technically essential for the provision of the service in order to provide the service. If the other conditions are the same, the Service Provider must choose and in all cases operate the means used in the provision of the information society service in such a way that personal data is processed only if it is necessary for the provision of the service and other purposes specified in this Act. necessary, but in this case only to the extent and for the time necessary.
- For the purpose of invoicing the fees arising from the contract for the provision of the information society related service, the Service Provider may manage the natural personal identification data, address and data on the time, duration and place of the use of the information society related service.
- The Service Provider may process data related to the use of the service for any other purpose - especially to increase the efficiency of its service, to deliver electronic advertising or other content addressed to the user, for market research - only with the definition of the purpose of data management and with the consent of the user.
The datas delete: The Service Provider deletes the managed data in case of non-conclusion of the contract, after the termination of the contract and after invoicing (except in the case of mandatory data retention). Also, the data will be deleted by the Service Provider if the purpose of data management has ceased or the user has so provided. Unless otherwise provided by law, the deletion of data must be carried out immediately. The Service Provider must ensure that the user can find out which data management purposes the service provider handles for which data management purposes, including the handling of data that cannot be directly contacted by the user, at any time before and during the use of the information society service.
Social media sites
1. The fact of data collection, the scope of managed data:
Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. registered name on social networking sites and the users public profile picture.
2. Stakeholders: All concerned who have registered on Facebook / Google+ / Twitter / Pinterest / Youtube / Instagram etc. social media sites and “liked” the website.
3. Purpose of data collection: On social media sites, the sharing or "liking" of certain content elements, products, promotions or the website itself is promoted.
4. Duration of data processing, deadline for deletion of data, identity of potential data controllers entitled to access the data and description of the rights of data subjects in relation to data processing: The data subject can find out about the source of the data, their handling, as well as the method and legal basis of the transfer on the given community page. Data management is carried out on social networking sites, so the duration and method of data management, as well as the possibilities of deleting and modifying data are subject to the regulation of the given social networking site.
5. Legal basis for data management: The data subjects voluntary consent to the processing of his or her personal data on social media sites.
Cookies management:
Webshop-specific cookies are so-called “passwords used for password-protected sessions,” “shopping cart cookies,” and “security cookies,” the use of which does not require prior consent from those involved.
Legal basis for data management: Data management is based on the consent of the data subject. The consent of the data subject is not required if the sole purpose of the use of cookies is the transmission of communications via the electronic communications network or the provision of an information society service specifically requested by the subscriber or user.
The fact of data management, the scope of managed data: unique identification number, dates and times related to the use of the website
Stakeholders: All visitors to the website are affected.
The purpose of data management: identifying users, keeping a “shopping cart” record, and tracking visitors.
Duration of data management, deadline for deleting data: In the case of session cookies, the duration of data management lasts until the end of the visit to the websites.
Identity of potential data controllers entitled to access the data: Personal data may be processed by the Data Managers employees or, in the case of a separate written data processing contract, by subcontractors used by the data controller, in compliance with the data protection legislation in force at any time.
Description of data subjects rights in relation to data processing: The data subject has the option to delete cookies in the Tools / Settings menu of browsers, usually under the settings of the Privacy menu item.
Identity of potential data controllers entitled to access the data: Personal data may be processed by the Data Managers employees or, in the case of a separate written data processing contract, by subcontractors used by the data controller, in compliance with the data protection legislation in force at any time.
The Service Provider measures the traffic data of the web store using the Google Analytics service. Data is transferred during the use of the service. The data transmitted are not suitable for identifying the data subject. For more information about Googles privacy practices, go to: http://www.google.hu/policies/privacy/ads/
Newsletter, DM activity
Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising activity. § 6 of the Act and the Info tv. Pursuant to Section 5 (1) a), the User may consent in advance and expressly to contact the Service Provider with his advertising offers and other items at the contact details provided during registration, and to the Service Provider handling his personal data for the purpose of sending advertising offers.
Legal basis for data management: The User may unsubscribe from sending newsletters free of charge without restriction or justification. In this case, the Service Provider will immediately delete all personal data - necessary for sending advertising messages - from its register and will not contact the User with further advertising offers. The User can unsubscribe from the advertisements free of charge by clicking on the link in the message.
The fact of data management, the scope of managed data: name, email address, date, time
Stakeholders: All those who subscribe to the newsletter.
The purpose of data management: Sending electronic messages containing advertisements to the data subject, providing information on current information, products, promotions, new features, etc.
Duration of data management, deadline for deleting data: The data processing lasts until the revocation of the declaration, ie until the unsubscription.
Identity of potential data controllers entitled to access the data: Personal data may be processed by the Data Managers employees or, in the case of a separate written data processing contract, by subcontractors used by the data controller, in compliance with the data protection legislation in force at any time.
Description of data subjects rights in relation to data processing: The person concerned can unsubscribe from the newsletter at any time, free of charge. The data subject may request information from the data controller on the handling of his or her personal data, or request the rectification, deletion or blocking of his or her personal data. The Service Provider, as the Data Manager, is obliged to provide the information requested by the customer in writing in a comprehensible form as soon as possible after the submission of the information request, but not later than within 30 days. If you have any questions, doubts or requests for information about your data managed by the Service Provider, you can do so by e-mail, which should be sent to the e-mail address beyond.fitnessclothing@gmail.com. A detailed explanation of the data subjects rights related to data processing and the possibilities of legal remedies can be found in the Chapters Rights and Remedies chapters.
The advertiser, the advertising service provider or the publisher of the advertisement shall keep records of the personal data of the persons who have made a statement to them, within the scope specified in the consent. The data contained in this register relating to the recipient of the advertisement may be processed only in accordance with the statement of consent, until it is withdrawn, and may be disclosed to third parties only with the prior consent of the person concerned.
Data transmission
Legal basis for the transfer of data: The consent of the data subject, Infotv. Section 5 (1) (a) and Section CVIII of 2001 on certain issues of electronic commerce services and information society services. Act 13 / A. § (3).
The fact of data management, the scope of managed data: Password, contact name, e-mail address, telephone number, shipping address and name, billing name and address, company name, tax number, payment method, note, date of registration, IP address at the time of registration.
Stakeholders: All persons involved.
The purpose of data management: Providing website features.
Duration of data management, deadline for deleting data: The data processing lasts until the withdrawal of the consent of the data subject concerned.
Identity of potential data controllers entitled to access the data: Personal data may be processed as a data processor by the following, in compliance with the relevant legislation:
Hosting provider:
3 in 1 Hosting Bt.
Tax number: 22206118-2-13
Address: 2310 Szigetszentmiklós Brassó utca 4/A.
Availability: https://megacp.com/
The packages are delivered by the Express One / GLS / FEDEX Courier Service. Customer service reserved for recipients is available at the following contacts, working days 7.00 - 20.00:
Email address: ugyfelszolgalat@expressone.hu
Phone: +36 1 8 777 400 or +36 1 8 777 444
Phone: (+36 20) 890-0660*
International Customer Service: E-mail address: intcs@expressone.hu
Phone: +36 1 8 777 410
You can view the Express One Privacy Notice at the following link: https://expressone.hu/public/Express_One_Hungary_Kft_Adatkezelesi_tajekoztato.pdf
You can view the GLS Privacy Notice at the following link: https://gls-group.eu/HU/hu/adatkezelesi-tajekoztato
You can view the FEDEX Privacy Notice at the following link: https://www.fedex.com/hu-hu/privacy-policy.html
Description of data subjects rights in relation to data processing: The data subject may request information from the data controller on the handling of his or her personal data, or request the rectification, deletion or blocking of his or her personal data. The Service Provider, as a data controller, is obliged to provide the information requested by the customer in writing in a comprehensible form as soon as possible after the submission of the information request, but not later than within 30 days.
If you have any questions, doubts or requests for information about the data managed by the Service Provider, you can do so: by e-mail, which should be sent to the e-mail address beyond.fitnessclothing@gmail.com. A detailed explanation of the data subjects rights related to data processing and the possibilities of Remedies is contained in the Chapters Rights and Remedies chapters.
Legal basis for data transmission: The Users consent, Infotv. Section 5 (1) (a) and Section CVIII of 2001 on certain issues of electronic commerce services and information society services Act 13 / A. § (3).
(E) Data security
The controller is obliged to plan and carry out data management operations in such a way as to ensure the protection of the privacy of data subjects.
Within the scope of the data controller or activity, the data processor is obliged to ensure the security of the data, and is also obliged to take the technical and organizational measures and to establish the procedural rules necessary for the enforcement of the Info Act and other data and confidentiality rules.
The data shall be protected by appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, accidental destruction and damage, and loss of access due to changes in the technology used.
In order to protect the data files processed electronically in the various registers, an appropriate technical solution must be taken to ensure that the data stored in the registers cannot be linked directly to the data subject, unless permitted by law.
During the automated processing of personal data, the data controller and the data processor shall ensure by additional measures:
- prevent unauthorized data entry;
- It prevents the use of automatic data-processing systems by unauthorized persons using data communication equipment;
- It ensures that it is possible to verify and establish to which bodies personal data have been or may be transmitted using data communication equipment;
- It ensures the controllability and traceability of which personal data was entered into automatic data processing systems, when and by whom;
- Ensures that installed systems can be recovered in the event of a malfunction and that errors during automated processing are reported.
The Data Manager and the Data Processor must take into account the current state of the art when defining and applying data security measures. Of the several possible data management solutions, the one that provides a higher level of protection of personal data should be chosen, unless this would be a disproportionate burden for the Data Manager.
Rights of data subjects in all data processing:
The data subject may request the Service Provider to provide information on the handling of his / her personal data, request the correction of his / her personal data, and request the deletion or blocking of his / her personal data, with the exception of mandatory data processing.
At the request of the data subject, the Data Manager shall provide information on the data processed by the data subject or processed by the Data Manager, their source, purpose, legal basis, duration, name, address and activities related to the data processing, as well as the legal basis and the recipient of the transfer.
In order to check the lawfulness of the data transfer and to inform the data subject, the Data Controller shall keep a data transfer register containing the date of transfer of personal data processed by him, the legal basis and recipient of the transfer, determination of the scope of transferred personal data and other data specified by law. The data controller shall provide the information in writing in a comprehensible form at the request of the data subject as soon as possible after the submission of the request, but no later than within 30 days. The information is free.
At the request of the User, the Service Provider provides information on the data managed by it, their source, purpose, legal basis, duration, name, address and activities related to data processing of any data processor, and - in case of transfer of personal data of the data subject - legal basis and recipient. The Service Provider shall provide the information in writing, in a comprehensible form, as soon as possible after the submission of the application, but not later than within 30 days. The information is free. The Service Provider shall correct the personal data if the personal data does not correspond to reality and the personal data corresponding to reality is available to the Data Manager.
Instead of deleting, the Service Provider blocks the personal data if the User so requests or if, on the basis of the information available to him, it can be assumed that the deletion would harm the legitimate interests of the User. Blocked personal data may only be processed for as long as the purpose of the data processing, which precluded the deletion of personal data, exists. The Service Provider deletes the personal data if its processing is illegal, the User requests it, the processed data is incomplete or incorrect - and this condition cannot be legally remedied - provided the deletion is not excluded by law, the purpose of data processing is terminated or the data storage has expired, it has been ordered by a court or the National Data Protection and Freedom of Information Authority.
The Data Manager shall mark the personal data processed by it if the data subject disputes its correctness or accuracy, but the inaccuracy of the disputed personal data cannot be clearly established.
The data subject shall be notified of the rectification, blocking, flagging and deletion, as well as to all persons to whom the data have previously been transmitted for data processing purposes. Notification may be omitted if, for the purposes of the processing, this does not harm the legitimate interests of the data subject.
If the Data Manager does not comply with the Data Subjects request for rectification, blocking or erasure, she shall communicate in writing the factual and legal reasons for the rejection of the request for rectification, blocking or erasure within 30 days of receipt of the request. In the event of a rejection of a request for rectification, erasure or blocking, the Data Manager shall inform the Data Subject of the possibility of legal redress and recourse to the Authority.
The Data Subject is entitled to receive the personal data concerning him / her provided to the Data Manager in a structured, widely used, machine - readable form. Furthermore, you have the right to transfer this data to another Data Manager without the Data Manager preventing it, provided that the data management is done in an automated manner.
The Data Subject shall have the right not to be covered by a decision based solely on automated data processing, - including profiling - which would have legal effect or similar effect on him or her, unless
(I) this is necessary for the conclusion or performance of the contract between the Data Subject and the Data Manager
(II) its adoption is permitted by Union or Hungarian law, subject to the establishment of appropriate protection measures, or
(III) the Data Subject has expressly consented.
Remedies
The User may object to the processing of his / her personal data if
a) the processing or transmission of personal data is necessary only for the fulfillment of a legal obligation to the Service Provider or for the enforcement of the legitimate interest of the Service Provider, data recipient or a third party, unless the data processing has been ordered by law;
b) the use or transfer of personal data is for the purpose of direct business acquisition, public opinion polling or scientific research;
c) in other cases specified by law.
The Service Provider shall examine the protest within the shortest time from the submission of the application, but not later than within 15 days, make a decision on its merits and inform the applicant in writing of its decision. If the Service Provider establishes the validity of the data subjects protest, it terminates the data processing, including further data collection and data transfer, and blocks the data, and notifies all those to whom it has previously transmitted the personal data affected by the protest, and who are obliged to take action to enforce the right to protest.
If the User does not agree with the decision of the Service Provider, he may appeal against it to the court within 30 days of its notification. The court is acting out of turn.
Complaints against possible violations of the Data Manager can be lodged with the National Data Protection and Freedom of Information Authority:
Nemzeti Adatvédelmi és Információszabadság Hatóság
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, Postafiók: 5.
Phone: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
Judicial enforcement
The Data Controller is obliged to prove that the data processing complies with the provisions of the law. The data recipient must prove the lawfulness of the data transfer.
The trial falls within the jurisdiction of the tribunal. The action may, at the option of the person concerned, also be brought before the court of the place where he or she resides or stays.
A party to a lawsuit may also be one who does not otherwise have legal capacity to sue. The Authority may intervene in the proceedings in order for the person concerned to succeed.
If the court grants the request, it obliges the Data Manager to provide the information, to correct, block, delete the data, to annul the decision made by automated data processing, to take into account the data subjects right of objection or to release the data requested by the data recipient.
If the court rejects the data recipients request, the Data Manager is obliged to delete the personal data of the data subject within 3 days from the notification of the judgment. The Data Manager is obliged to delete the data even if the data recipient does not go to court within the specified time limit.
The court may order the publication of its judgment, by publishing the identification data of the Data Controller, if the interests of data protection and the protected rights of a larger number of data subjects so require.
Compensation
The Data Controller is obliged to compensate the damage caused to others by the illegal handling of the data of the data subject or by violating the data security requirements. The Data Controller is also liable to the data subject for the damage caused by the data processor. The Data Controller is released from liability if it proves that the damage was caused by an unavoidable cause outside the scope of data processing.
There is no need to compensate for damage if it was caused by the victims intentional or grossly negligent conduct.
Relevant legislation:
- Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR)
- 2011 CXII. Act - on the right to information self-determination and freedom of information (hereinafter: Infotv.)
- CVIII of 2001 Act - on certain issues of electronic commerce services and services related to the information society (mainly Section 13 / A)
- XLVII of 2008 Act on the Prohibition of Unfair Commercial Practices against Consumers;
- XLVIII of 2008 Act - on the basic conditions and certain restrictions of commercial advertising (especially § 6)
- 2005 XC. Electronic Freedom of Information Act
- Act C of 2003 on Electronic Communications (specifically Section 155)
- 16/2011. s. Opinion on the EASA / IAB Recommendation on Best Practices for Behavioral Online Advertising
If you have previously sent an order, the order will be sent at the time of sending. Information about modifying or deleting your personal information related to your order can be initiated by personally, by telephone or by e-mail at the data controller.
The Data Controller shall provide the information in writing in the shortest possible time, but not more than 10 days, in a comprehensible form, at the registered user's request. If you find the registered user's claim as legitimate, he or she will take immediate steps to correct or delete your personal information.
If the registered user is not satisfied with the response of the data controller, he may enforce his or her right to the protection of his or her personal data before a civil court and may contact the National Data Protection and Information Authority (www.naih.hu/kapcsolat.html).