Introduction
WWW.SCORPIO - SCORPIO Kft. (registered office: 1037 Budapest, Pomázi út 15., company registration number: 01-09-710253, tax number: 12194432-2-41, represented by Mrs Júlia Farkas Seres, e-mail: info@scorpio.hu) as the Service Provider undertakes to be bound by the contents of this Privacy Policy.
The primary purpose of this Policy is to provide the users of SCORPIO Kft.’s webshop - WWW.SCORPIO.HU - with all the information necessary to make a well-informed decision about the processing of their personal data.
SCORPIO Kft.’s aim in drafting this Privacy Policy is to define the range of personal data processed by the Service Provider and the method of processing; to ensure compliance with the constitutional principles of data protection and the requirements of data security, and to prevent unauthorised access to User data or alteration to such data and their unauthorised disclosure or use.
SCORPIO Kft.will handle all personal data received from Users confidentially and will take all necessary measures that promote the safe processing of data.
SCORPIO Kft. is committed to ensuring the protection of personal data.
In order to fulfil orders placed in the www.scorpio.hu webshop, SCORPIO Kft. needs certain personal data of its customers as without these the contract constituting the legal basis of the purchase cannot be concluded and thus an order cannot be placed.
Data processing is based on the freely given consent of the users of the online contents to be found on the www.scorpio.hu website given after receiving due information. This statement contains the users’ explicit consent to the use of their personal data disclosed in the course of using the website.
The personal data given in the course of ordering are also used by contractual partners providing the webshop service but sometimes the company performing the home delivery of goods also needs such data. SCORPIO Kft. will store its customers’ personal data for the period of time required to fulfil the order and for longer if this is necessary to fulfil other requirements related to the order.
In view of the above, in accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the ‘GDPR’), we provide the following information.
This Privacy Policy regulates the data processing of the following website:
www.SCORPIO.hu
The Privacy Policy is accessible on the following page: link
Any amendments to this Policy will enter into force upon publication on the above page.
Contact details of the data controller:
Company name: SCORPIO Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság
Abbreviated company name: Scorpio Kft.
Registered office: 1037 Budapest, Pomázi út 15.
Address of premises – shop: 1037 Budapest, Pomázi út 15.
Tax number: 12194432-2-41
Company registration number: 01-09-710253
Data processing registration number: NAIH-56149/2012
Issuing company court, Record office: Company Registry Court of Budapest-Capital Regional Court
Language of the contract: Hungarian
E-mail address: info@scorpio.hu
Telephone number: +36 (1) 320 -2100
Fax number: 06 1 349 7571
Name of shipping partner(s): GLS Kft. or ad-hoc shipper
Option for collection in person: 1037 Budapest, Pomázi út 15.
Orders are processed on weekdays between 8 am and 5 pm
Average time for fulfilling orders in working days: 1 to 3 working days
Webshop domain: www.scorpio.hu
Definitions
Principles relating to processing personal data
Personal data must be:
a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes must, in accordance with Article 89(1) of the GDPR, not be considered to be incompatible with the initial purposes (‘purpose limitation’);
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
The controller is responsible for and must be able to demonstrate compliance with the above (‘accountability’).
Data processing
Data processing related to the operation of the webshop
Personal data |
Purpose of data processing |
User name |
Making identification, registration possible. |
Password |
To ensure secure log-in to the user’s account. |
Surname, given name |
Required in order to establish contact, to make a purchase and to duly issue an invoice. |
E-mail address |
Communication. |
Telephone number |
Communication, effectively checking issues related to invoicing or delivery. |
Invoicing name and address |
To duly issue an invoice, to conclude the contract, to define or amend its contents, to monitor its fulfilment, to invoice resultant fees and to enforce related claims. |
Name and address for delivery |
To enable home delivery. |
Date of purchase/registration |
To carry out the technical transaction. |
IP address at the time of purchase/registration |
To carry out the technical transaction. |
Neither the user name nor the e-mail address needs to contain any personal data.
The accounting documents underlying the accounting records directly or indirectly (including ledger accounts, analytical records and registers) shall be retained for a minimum of eight years, and shall be legible and retrievable by means of the code of reference indicated in the accounting records.
Postal address: 1037 Budapest, Pomázi út 15.
E-mail address: info@scorpio.hu
Telephone number: +36 (1) 320 2100
Legal basis of data processing:
6.1.the data subject’s consent, Article 6(1)(a) of the GDPR, Section 5(1) of Act CXII of 2011 on Informational Self-Determination and Freedom of Information (‘Privacy Act’),
6.2.Section 13/A(3) of Act CVIII of 2001 on Certain Aspects of Electronic Commerce and Information Society Services (‘Electronic Commerce Act’):
[...] for the purpose of providing the service, the service provider may process personal data which are strictly necessary for the performance of the service for technical reasons. If the other conditions are met, the service provider shall at all times select and operate the means applied in the provision of an information society service ensuring that personal data are only processed provided this is strictly necessary for the performance of the service or in order to achieve other objectives set out in this Act, but only to the extent and for such time as is necessary.
6.3.if an invoice compliant with accounting legislation is issued, Article 6(1)(c) of the GDPR.
Data processors used
Shipment
GLS Kft. or ad-hoc shipper
Name of courier service
GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.
Address: 2351 Alsónémedi, GLS Európa u. 2.
E-mail address: info@gls-hungary.com
Company registration number: 13-09-111755
Tax number: 12369410-2-44
EU VAT registration number: HU12369410
name and address for delivery, telephone number, e-mail address.
Hosting provider
Name of hosting company: EVOLUTIONET Szolgáltató és Kereskedelmi Kft.
Registered office/address of hosting provider: 7342 Mágocs, Széchenyi utca 75.
E-mail address of hosting provider: info@evolutionet.hu
Use of cookies
Cookie type |
Legal basis of data processing |
Duration of data processing
|
Range of data processed |
Session cookies |
Section 13/A(3) of Act CVIII of 2001 on Certain Aspects of Electronic Commerce and Information Society Services (the ‘Electronic Commerce Act’) |
The period until the end of the relevant visitor session |
connect.sid |
There are numerous ways to manage cookies:
You will find information on how to set cookies for the most popular browsers below:
Use of Google AdWords conversion tracking
Use of Google Analytics
Newsletter, DM activity
Personal data | Purpose of data processing |
Name, e-mail address | Making identification, and subscription to the newsletter possible. |
Date of subscription | To carry out the technical transaction. |
IP address at the time of subscription | To carry out the technical transaction. |
Postal address: 1037 Budapest, Pomázi út 15.
E-mail address: info@scorpio.hu
Telephone number: +36 (1) 320 2100
Advertisers, advertising service providers and publishers of advertising shall maintain records on the personal data of persons who provided the statement of consent to the extent specified in the statement. The data contained in the aforesaid records relating to the recipient of the advertisement may be processed only in accordance with the statement of consent until consent is withdrawn and may be disclosed to third parties only with prior consent of the person concerned.
Complaint handling
Personal data | Purpose of data processing |
Surname, given name | Identification, communication. |
E-mail address | Communication. |
Telephone number | Communication. |
Invoicing name and address | Identification, handling objections about the quality of ordered products, as well as questions and problems. |
Postal address: 1037 Budapest, Pomázi út 15.
E-mail address: info@scorpio.hu
Telephone number: +36 (1) 320 2100
Social media sites
Customer relations and other data processing
Postal address: 1037 Budapest, Pomázi út 15.
E-mail address: info@scorpio.hu
Telephone number: +36 (1) 320 2100
The data subject’s rights:
You are entitled to obtain confirmation from the data controller as to whether your personal data are currently being processed and, if that is the case, you are entitled to access your personal data and the information specified by law.
You are entitled to have your data rectified due to any inaccuracy by the data controller at your request without undue delay. Considering the purpose of the data processing, you are entitled to request that incomplete personal data are completed, including by means of providing a supplementary statement.
You are entitled to have your personal data erased by the data controller at your request without undue delay and the controller is under an obligation to erase relevant personal data without undue delay when certain conditions exist.
If the data controller has disclosed personal data which it is obliged to erase, it will take reasonable steps, including technical measures, taking account of available technology and the cost of implementation, to inform data controllers processing your data that you have requested the erasure of links to the relevant personal data or of copies of those personal data.
You are entitled to request the data controller to restrict the processing of your data where one of the following conditions applies:
You are entitled to receive your personal data, which you have provided to a data controller, in a structured, commonly used and machine-readable format and to transmit those data to another data controller without hindrance from the data controller to which the personal data have been provided.
You are entitled to object to the processing of your data on grounds relating to your particular situation at any time, including profiling based on the aforementioned provisions.
Where personal data are processed for direct marketing purposes, you are entitled to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to the processing of your personal data for direct marketing purposes, your personal data may no longer be processed for such purposes.
You are entitled not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
The previous paragraph will not apply if the decision
Deadline for taking measures
The data controller will inform you of the measures taken in response to the above requests without undue delay and in any event within 1 month of receipt of the request.
If necessary, this period may be extended by 2 months. The data controller will inform you of any such extension together with the reasons for the delay within 1 month of receipt of the request.
If the data controller does not take action in response to your request, it will inform you of the reasons for not taking action without undue delay but within one month of receipt of the request at the latest, and advise you of the option of lodging a complaint with a supervisory authority and seeking a judicial remedy.
Security of data processing
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the data controller and the data processor must implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
a) the pseudonymisation and encryption of personal data;
b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
c) the ability to restore the availability of and access to personal data in a timely manner in the event of a physical or technical incident;
d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
Communication of a personal data breach to the data subject
When a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the data controller must communicate the personal data breach to the data subject without undue delay.
The communication to the data subject must describe in clear and plain language the nature of the personal data breach, and communicate the name and contact details of the data protection officer or other contact point where more information can be obtained; describe the likely consequences of the personal data breach, and describe the measures taken or proposed to be taken by the data controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
The data subject does not have to be informed if any of the following conditions are met:
If the data controller has not already communicated the personal data breach to the data subject, the supervisory authority, having considered the likelihood of the personal data breach resulting in a high risk, may require it to do so.
Notification of a personal data breach to the supervisory authority
In the case of a personal data breach, the data controller will without undue delay and, where feasible, not later than 72 hours after having become aware of it notify the personal data breach to the competent supervisory authority in accordance with Article 55 of the GDPR unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it must be accompanied by reasons for the delay.
Right to complaint
In the event of the data controller’s potential infringement of the law, a complaint may be lodged to the Hungarian National Authority for Data Protection and Freedom of Information:
Nemzeti Adatvédelmi és Információszabadság Hatóság (Hungarian National Authority for Data Protection and Freedom of Information)
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, Pf.: 5.
Telephone: +36-1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
Endnote
In compiling this Privacy Policy, the following laws have been taken into account:
- REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
- Act CXII of 2011 on informational self-determination and freedom of information (‘Privacy Act’)
- Act CVIII of 2001 on certain aspects of electronic commerce and information society services (particularly Section 13/A)
- Act XLVII of 2008 on the prohibition of unfair commercial practices against consumers
- Act XLVIII of 2008 on the basic requirements of and certain restrictions on commercial advertising activity (particularly Section 6)
- Act XC of 2005 on the freedom of electronic information
- Act C of 2003 on electronic communications (in particular Section 155)
- Opinion 16/2011 on EASA/IAB Best Practice Recommendation on Online Behavioural Advertising
- Recommendation of the Hungarian National Authority for Data Protection and Freedom of Information on the data protection requirements of preliminary information
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
Dated: Budapest, May 24, 2018
__________________________
SCORPIO Kft.
Mrs Júlia Farkas Seres,
Managing Director