Data Management Information

Contents

  1. What is the purpose of the prospectus?
  2. Data of the Controller
  3. What data management processes are taking place on the Website?
  4. What rights do Users have?
  5. Our procedure for an application for exercising your rights
  6. Possible recipients of personal data, processors
  7. Security
  8. Cookies
  9. Other provisions
  10. Attachments

  1. What is the purpose of the prospectus?

We have adopted this Notice to provide all relevant information to representatives of natural persons and legal persons using our services (hereinafter referred to as "Users") in a concise, transparent, comprehensible and easily accessible manner, and to assist Customers in exercising their rights under section 4.

Our obligation to inform is based on Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as the "GDPR").

The Prospectus is prepared in the light of the GDPR and additional legislation relevant to each data processing. The list of legislation is set out in Annex 1 to the Prospectus and the main concepts are described in Annex 2.

In designing and applying this prospectus, we have acted in the light of the findings of the European Data Protection and Freedom of Information Authority's recommendation on the data protection requirements of prior information and of Article 5 of the GDPR, in particular in the spirit of the principle of accountability in Article 5(2).


  2. Data of the Controller

Name: BioLife

Website: https://www.biobiz.eu

Company registration number: 10000001

Registered office: Europe

E-mail: info@biobiz.hu

 

  3. What data management processes are taking place on the Website?

In this section, we will detail the essential circumstances of each data processing that the GDPR and other sectoral legislation require of each controller.


3.1. Data processing related to the sending of newsletters


In order to provide up-to-date information to visitors to our Website, it is possible to subscribe to our newsletter. The following information applies to the processing of data in this respect: 


3.1.1. Personal data processed and purpose of processing

Personal data: name, email address

Purpose of data management: the name allows us to address the User in our newsletter, and the email address gives us the User's electronic contact details, to which we can send our newsletter.

 

3.1.2. Legal basis for data processing

User's consent (Article 6(1)(a) of the GDPR).


3.1.3. Duration of data processing

The personal data provided will be processed until consent is withdrawn. The User can withdraw his consent at any time by clicking on the "Unsubscribe" button in the sent letter.


3.1.4. Method of data processing

In electronic form.


3.2. Processing of data related to contact


You can contact us through our website for any purpose. Details of the related processing are shown below.


3.2.1. Personal data processed and purpose of processing

Personal data: name, email address, telephone number

Purpose of data management: identification of the User, contacting the User by e-mail, contacting the User by telephone.


3.2.2. Legal basis for data processing

Statutory data management, in the light of Article 6(1)(c) and (2) of the GDPR.


3.2.3. Duration of data processing

1 year after contact. 


3.2.4. Method of data processing

In electronic form.



3.3. Processing of data on orders


It is possible to order various products on our website. The associated data processing is described in this section.


3.3.1. Personal data processed and purpose of processing

Personal data: name, address (zip code, city, street name, house number together), telephone number, email address.

Purpose of data management: during the execution of the order, the name identifies the customer of the product; the address (postcode, city, street name, house number together) allows us to send the ordered product by post to the specified address; the telephone number allows us to contact the customer and inform them of the details of the order; the e-mail address allows us to contact the customer and provide information about the details of the order.

 

3.3.2. Legal basis for data processing

Performance of a contract between the Data Controller and the User (Article 6(1)(b) of the GDPR).

If the customer is a legal person, the legal basis for the processing of the above personal data of its contact person is the legitimate interest of the controller and the customer (Article 6(1)(f) of the GDPR). It is in the legitimate interest of both parties to communicate effectively during the order and to provide information to each other's designated representatives of any relevant circumstances affecting the contract between us. The right of the customer's contact person to self-determination cannot be established because his job or contractual obligation is to facilitate communication between the parties and to provide his personal data for this purpose.


3.3.3. Duration of data processing

Subject to legal rights we store the personal data provided for the above purposes for 5 years after the order has been fulfilled. 


3.3.4. Method of data processing

In electronic form.


3.3.5. Provision of personal data

Because we cannot fulfill orders without knowing the personal data contained in this section, the provision of personal data is a requirement for concluding a contract.


3.4. Data processing related to the issuing of invoices


After the orders have been fulfilled, an accounting document is issued. Details of the related data processing are shown below.


3.4.1. Personal data processed and purpose of processing

Personal data: name, address.

Purpose of data management: to support the accounting of the execution of the order (economic event); the address / seat of a self-employed person (postcode, city, street name, house number together) is likewise processed in support of the accounting of the execution of the order (economic event).


3.4.2. Legal basis for data processing

Statutory data management (Article 6(1)(c) of the GDPR).


3.4.3. Duration of data processing

For 8 years after the accounting document has been issued.


3.4.4. Method of data processing

In electronic form.


3.4.5. Provision of personal data

In view of the fact that we are unable to issue an accounting document without knowing the personal data contained in this section, the provision of personal data is based on law.


3.5. Customer service data processing


We maintain customer service on our Website to answer users' questions and investigate any complaints.


3.5.1. Personal data processed and purpose of processing

Personal data: name, email address, telephone number.

Purpose of data management: the name identifies the User; the email address and the telephone number are used to contact the User and to provide information to the User.


3.5.2. Legal basis for data processing

Statutory data management, subject to Article 6(1)(c) and (2) of the GDPR.


3.5.3. Duration of data processing

For a period of 5 years from the date of receipt of the complaint.


3.5.4. Method of data processing

In electronic form.


3.6. Registration-related data processing


It is possible to register on our website for various benefits (faster ordering, recording multiple shipping addresses, viewing order history, tracking order status, use of wish list). Details of related data processing are shown below:


3.6.1. Personal data processed and purpose of processing

Personal data: name, email address, phone number, password.

Purpose of data management: identification of the User; provision of additional information for orders with address; contacting the User by e-mail; contacting the User by telephone; performing technical operations with the User.

 

3.6.2. Legal basis for data processing

Statutory data management, in the light of Article 6(1)(c) and (2) of the GDPR.


3.6.3. Duration of data processing

Until deleted at the user's request. If the User does not use his/her account, his/her profile will be deleted 5 years after the last order.


3.6.4. Method of data processing

In electronic form.


3.7. Data processing related to gift vouchers


On our website, Users have the option to purchase and redeem gift cards for third parties (Recipients). Details of related data processing are shown below:


3.7.1. Personal data processed and purpose of processing

Personal data: user's name, email address, recipient's name, recipient's email address.

Purpose of data management: the User's name to identify the User; the User's email address to contact the User; the Recipient's name to identify the Recipient; the Recipient's e-mail address to deliver the voucher to the Recipient.

 

3.7.2. Legal basis for data processing

In respect of the User, our data management is based on law, in the light of Article 6(1)(c) and (2) of the GDPR.

With regard to the Recipient, our processing is based on various legitimate interests (Article 6(1)(f) of the GDPR): we have a legitimate interest in the User successfully gifting the Recipient with the voucher. Without knowing the Recipient's personal data, we would not be able to perform our service. The User also has a legitimate interest in the processing of the data of the Recipient designated by him or her, so that the Recipient can take advantage of the gift voucher. Since the Recipient also has a legitimate interest in the use of preferences, unjustified restrictions on the right to information and the private sector cannot be established in the context of the processing.


3.7.3. Duration of data processing

We will delete the User's personal data at the User's request. If the Recipient does not use the gift voucher, his/her personal data will be deleted 1 year after the voucher is issued.


3.7.4. Method of data processing

In electronic form.


  4. What rights do Users have?

It is important for us that our data management meets the requirements of fairness, legality and transparency. In light of this, we will briefly describe each of the rights concerned in this section and explain them in more detail in Annex 3 to the prospectus.

Our User may request information, free of charge, about the processing of his/her personal data and, in statutory cases, request that it be rectified, deleted, blocked or restricted from processing, and may object to the processing of such personal data. The User can address the request for information and the other requests in this section to our contact details in section 2.


4.1. Right of access

Our User may receive feedback from us about the processing of his/her personal data, and access to this personal data and details of its processing.


4.2. Right to rectification

At the request of our User, we will correct inaccurate personal data about him/her without undue delay, and the User may request the completion of incomplete personal data, including by means of an additional statement.


4.3. Right to erasure

At the request of our User, we will delete personal data relating to him/her if we no longer need to process it, if the User withdraws consent or objects to the processing, or if the processing is unlawful.


4.4. Right to be forgotten

If requested, we will endeavour to inform every data controller who has or may have obtained our User's data of the User's request for deletion.


4.5. Right to restrict data processing

We restrict data processing at the request of our user if the accuracy of the personal data is disputed or the processing is unlawful, or if our User objects to the processing, or if we no longer need the personal data provided.


4.6. Right to data portability

Our User may receive the personal data relating to him/her in a structured, widely used, machine-readable format, or have it transmitted to another controller.


4.7. Response to the request

The application will be examined as soon as possible and within no more than 30 days from the date of submission (15 days in the event of an objection), and a decision will be taken on its merits, which will be communicated in writing to the applicant. If we do not comply with our User's request, we will provide the User with the factual and legal reasons for rejecting the request.


4.8. Remedies

We care about the protection of personal data and respect the user's right to information, so we try to respond to all requests in a fair manner and within the time limit. With this in mind, we ask that you contact us in order to resolve any conflicts that have arisen peacefully before making any public and judicial claims.

If this does not lead to a result, our User may:

  • enforce his/her rights before a court. The action may also be brought before the court competent for the place of domicile or residence of our User.
  • in accordance with the Infotv., turn to and lodge a complaint with the National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; telephone: +36-1-391-1400; fax: +36-1-391-1410; e-mail: [email protected]; website: https://www.naih.hu/panaszuegyintezes-rendje.html; online case initiation: https://www.naih.hu/online-uegyinditas.html; hereinafter: NAIH).

  5. Our procedure for an application for exercising your rights

5.1. Notifying recipients

We always notify the recipients to whom we have disclosed the User's personal data of corrections, deletions and restrictions of data processing, unless this proves impossible or requires a disproportionate effort. At the request of the User, we provide information about these recipients.


5.2. How to provide information, deadline

Information on the measures taken following the requests under point 4 will be provided in electronic form no more than one month after receipt of the request, unless the User requests otherwise. This period may be extended by a further two months if necessary, in view of the complexity of the application or the number of applications. The extension of the time limit will be communicated to the User within one month of receipt of the request, indicating its reasons.

Oral information may be provided at the request of the User, provided that he proves his identity by other means.

If we do not act on the request, we will inform the User, no later than one month after receiving it, of the reasons for this and that he may lodge a complaint and exercise his right of judicial remedy.


5.3. Control

In exceptional cases, if we have reasonable doubts about the identity of the natural person submitting the application, we ask that additional information be provided to confirm the applicant's identity. This measure is necessary to ensure the confidentiality of data processing as defined in Article 5(1)(f) of the GDPR, i.e. to prevent unauthorised access to personal data.


5.4. Costs of information and action

The information provided in response to a request under point 4, and the measures taken on that basis, are free of charge.

If the User's request is clearly unfounded or excessive, in particular because of its repetitive nature, we will charge a reasonable fee, taking into account the administrative costs of providing the information requested or taking the measure requested, or we will refuse to take action on the basis of the request.


  6. Possible recipients of personal data, processors

6.1. In connection with the operation of the website

The personal data provided during your use of the Website is accessed by the hosting service provider as a data processor.

Name: Shopify

Availability: www.shopify.com


6.2. In the context of the sending of a newsletter

Newsletters are sent from the Website using newsletter software operated by the data processor we use. The data of the processor is as follows:

Name: Shopify

Availability: www.shopify.com


6.3. In the context of a Chat service

The operator of the chat service used on the Website may also have access to the personal data of the Users as a data processor.

Name: Shopify

Contact: www.shopify.com


6.4. In connection with the delivery of ordered products

In order to deliver the ordered products, we use courier companies as data processors. The data of processors is as follows:

6.4.1.

Name: GLS

Contact: www.gls.com 


6.4.2.

Name: Hungarian Post Office

Contact: www.posta.hu


6.5. In connection with the payment of an order fee

The fee for the order can be paid through the data processing interface of a banking service provider.

Name: KH Bank

Contact details: www.kh.hu


6.6. Social media

Our website also has a presence on several social media platforms (for example Facebook, LinkedIn, Twitter, Google+, Instagram, YouTube); so if, for example, the User "likes" our page on Facebook or "follows" us on Twitter, we learn all publicly available personal data belonging to his or her profile. Relevant information about the data processing that takes place on these platforms can be found in the respective service provider's own privacy policy.


6.7. In connection with the issue of invoices

In connection with invoicing, the tax authority has the right to know the personal information provided by users for this purpose in the course of its activities. Tax authority information:

Name: NAV

Website, contact details: https://www.nav.gov.hu/nav/kapcsolat 


  7. Security

We and the employees of the processors are entitled to access the User's personal data to the extent necessary for the performance of their duties. We take all security, technical and organisational measures to ensure the security of your data.

7.1. Organisational measures

We allow access to IT systems with privileges tied to the individual person. The "principle of necessary and sufficient rights" applies to the allocation of access, i.e. all employees can use our IT systems and services only to the extent necessary for the performance of their duties, with the corresponding rights and for the time required. Access to IT systems and services shall be granted only to persons who are not restricted for security or other reasons (e.g. conflicts of interest) and have the necessary professional, business and information security knowledge to use them securely.

We and the processors have undertaken strict confidentiality obligations in a written statement and are required to act in accordance with these confidentiality rules in the course of our activities.

7.2. Technical measures 

Except for the data stored by our processors, we store the data in a data center on our own devices. The IT tools that store the data are kept in a separate closed server room, protected by a multi-step access control system.

We protect our internal network with multi-level firewall protection. There is always a hardware firewall (border protection tool) at the access points of the public networks used. We store your data redundantly – in multiple places – to protect it from destruction, loss, damage, and unlawful destruction resulting from IT device failure.

We protect our internal networks from external attacks with multi-level, active, complex malware protection (e.g. virus protection). For the IT systems and databases we operate, we implement the necessary external access over an encrypted data connection (VPN).

We do our best to ensure that our IT tools and software are consistent with the technology solutions generally accepted in market operation. 

We develop our systems so that logging makes it possible to control and track the actions that are performed, and to detect incidents such as unauthorized access.

Our server is located on the dedicated server of the hosting provider, protected and closed.

We use the HTTPS protocol on the website, which means a higher level of data security compared to the HTTP protocol.


  8. Cookies

In order to ensure the proper functioning of our website, in some cases small data files are placed on the User's computer device, as in most modern websites.

8.1. What is a cookie?

A cookie is a small text file that the website places on the User's computer device (including mobile phones). Thanks to this, the website can "remember" the User's settings (e.g. language used, font size, display, etc.), so you do not have to reconfigure it every time you visit our website.


These cookies may be deleted or blocked, but in this case the Website may not function properly.

We do not use cookies to personally identify the User. These cookies are for the purposes described above only.

8.2. Google Analytics 

  1. The Website uses Google Analytics, a web analytics service of Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are saved to the User's computer to help analyze the User's use of a web page.
  2. Information generated by cookies about the User's use of the website is usually sent to and stored on a Google server in the USA. By activating IP anonymisation on the website, Google shortens the User's IP address within the Member States of the European Union or in other States party to the Agreement on the European Economic Area.
  3. The transfer and shortening of the full IP address to a Google server in the USA will only take place in exceptional cases. On our behalf, Google will use this information to evaluate how the User has used the website, to provide reports related to website activity to us and to provide additional services related to website and Internet usage.
  4. Within the framework of Google Analytics, the IP address transmitted by the User's browser is not merged with other Google data. You can prevent the storage of cookies by setting your browser accordingly; however, please note that in this case not all functions of this website may be fully usable. You may also prevent Google from collecting and processing your cookie data (including your IP address) by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=h

8.3. How can cookies be handled?

Cookie files can be deleted (detailed information: www.AllAboutCookies.org) or can be blocked by most of today's browsers. However, in this case, some settings must be re-made each time you use our website, and some features may not work.

Detailed information on the deletion and blocking of cookies can be found at www.AllAboutCookies.org and, for the browser used by the User, at the pages of the following browsers:

  • Firefox
  • Google Chrome
  • Microsoft Internet Explorer 11
  • Microsoft Internet Explorer 10
  • Microsoft Internet Explorer 9
  • Microsoft Internet Explorer 8
  • Safari 9
  • Safari 8
  • Safari 6/7
  • Opera

  9. Other provisions

9.1. Data collection on activity

We may collect data about the activity of users that cannot be linked to other data provided by the User at the time of registration or to data generated when using other websites or services.


9.2. Processing for different purposes

If we wish to use the data provided for purposes other than the purpose of the original data collection, we will inform the Users and obtain their prior express consent or give them the opportunity to prohibit the use.


9.3. Obligation to register

We keep a record of the processing activities under our responsibility (data management activity register) in accordance with Article 30 of the GDPR.


9.4. Data Breach

A data breach is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to the personal data processed. In the event of a data breach, we are obliged to act in accordance with Articles 33 and 34 of the GDPR. We record data breaches, including facts related to the data breach, its impact, and the measures taken to remedy it.


9.5. Amendment

We are entitled to unilaterally modify this Notice at any time.


Effective: June 01, 2020

BioLife - Data Controller




  10. Annex No 1

Relevant legislation


In designing the Prospectus, the Data Controller has taken into account the relevant applicable legislation and the relevant international recommendations, in particular: 

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR);
  • Act C of 2000 on Accounting (Számv. tv.);
  • The European Consumer Protection Act;
  • Act CVIII of 2001 on certain issues of electronic commerce services and information society services (Elkertv.).

  10. Annex No 2

Concepts related to the processing of personal data


  • controller: the legal person which determines the purposes and means of processing personal data;
  • data processing: any operation or set of operations carried out on personal data in an automated or non-automated manner, such as collection, recording, sorting, structuring, storage, adaptation or alteration, querying, consultation, use, communication, transmission, dissemination or otherwise making available, alignment or interconnection, restriction, deletion or destruction;
  • transfer: making the data available to a specific third party;
  • data deletion: making data unrecognizable in such a way that it is no longer possible to recover it;
  • data designation: the marking of the data with a view to distinguishing it;
  • limitation of data processing: marking stored personal data with a view to limiting their future processing;
  • data destruction: complete physical destruction of the data medium;
  • processor: the legal entity which processes personal data on behalf of the controller;
  • recipient: any natural or legal person, public authority, agency or any other body to whom personal data is communicated, whether a third party or not;
  • cookie: a small data package (text file) sent by the web server and placed on the user's computer for a specified period of time, which, depending on its nature, may be supplemented by the server on new visits, i.e. if the browser returns a previously saved cookie, the service provider handling the cookie may link the user's current visit to the previous one, but only in respect of its own content;
  • person concerned/user: an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person;
  • third party: any natural or legal person, public authority, agency or any other body which is not the same as the data subject, the controller, the processor or the persons authorised to process personal data under the direct direction of the controller or processor;
  • the consent of the data subject: a voluntary, specific, informed and unambiguous expression of the will of the data subject by which he or she indicates, by a statement or by an act unmistakably expressing confirmation, that he or she consents to the processing of personal data concerning him or her;
  • IP address: in all networks in which communication is carried out according to the TCP/IP protocol, the server machines have an IP address, i.e. an identification number, which enables the identification of those machines over the network. It is known that all computers connected to the network have an IP address through which they can be identified;
  • personal data: any information relating to the data subject;
  • objection: a statement by the data subject objecting to the processing of his/her personal data and requesting that the processing be terminated or the data processed deleted.

  10. Annex No 3

Rights affected



Access 

The User has the right to have access to the personal data we process, via one of our contact details. In this context, the User is informed of:

  • whether his/her personal data is being processed;
  • the purposes of the processing;
  • categories of personal data concerned;
  • the recipients or categories of recipients to whom personal data have been communicated or will be communicated;
  • the intended duration of storage of personal data;
  • rights;
  • remedies;
  • information on data sources.

The User may also request that a copy of the personal data being processed be made available. In this case, personal data will be provided in a structured, widely used computer-readable format (PDF/XML) or in printed form on paper. Requesting a copy is free of charge.


Correction 

The User is entitled to request the rectification of inaccurate personal data we process and the completion of incomplete data, based on a request submitted through our contact details. If we do not have the information necessary to clarify or supplement the inaccurate information, we may ask for the submission of this additional information and proof of accuracy of the data. As long as the clarification and supplementation of the data cannot be carried out in the absence of additional information, we shall restrict the processing of the personal data concerned and shall temporarily suspend the operations carried out on it, with the exception of storage.

Delete 

The User has the right to request the deletion of personal data we process, on the basis of a request submitted through our contact details, if one of the following conditions exists: 

  • we no longer need that data;
  • there are concerns about the legality of our processing of the data.

If we determine, upon the request of the User, that we are required to delete the personal data we process, we will terminate the processing of the data and destroy the personal data previously processed. In addition, the obligation to delete personal data may also arise from withdrawal of consent, the exercise of the right to object and legal obligations.


Restrictions on data processing 

Upon request through our contact details, the User has the right to request a restriction on the processing of personal data relating to him or her in the following cases: 

  • there are concerns about the legality of the processing of personal data we process, and the User requests a restriction instead of deletion of the data;
  • we no longer need the data, but the User requires it to submit, enforce or defend legal claims.

We automatically restrict the processing of personal data in the event that the User disputes the accuracy of the personal data or if the User exercises the right to object. In this case, the restriction shall apply for the period of time which allows the accuracy of the personal data to be verified or, in the event of an objection, which allows it to be determined whether the conditions for continuing the processing exist.

During the restriction period, no data processing operations may be carried out on the flagged personal data; the data can only be stored. While processing is restricted, personal data may be processed only in the following cases:

  • on the basis of the consent of the data subject;
  • the submission, enforcement or protection of legal claims;
  • protection of the rights of other natural or legal persons;
  • important public interest. 

Users will be informed in advance of the restriction's lifting. 



Data portability 

Upon request through our contact details, the User is entitled to request the provision of personal data relating to him or her processed by us for their further use as determined by the User. In addition, the User may request that we transfer his personal data to another controller designated by him or her. 

This right is limited to personal data provided to us by the User for the purpose of fulfilling his contract. Portability of other data is not possible. Personal data will be provided to the User in a structured, widely used, computer-readable format (PDF/XML) and in printed form on paper.

We inform the User that the exercise of this right does not automatically entail the deletion of personal data from the systems. In addition, the User is entitled to contact us again after the data has been ported.


Objection

The User may object at any time, on the basis of a request submitted through our contact details, to the processing of his/her personal data for registration purposes. In this case, the Data Controller shall examine whether the processing is justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the User or which relate to the submission, enforcement or defence of legal claims. If we determine that such reasons exist, we will continue to process the User's personal data. Otherwise, we will no longer process the User's personal data.