Data Protection and Data Management Policy of Olimpia
This Data Protection
and Data Management Policy (hereinafter referred to as the “Policy”) aims at
stating the data protection and data processing principles and the company’s
data protection and data processing policy implemented by Olimpia Kerékpár Kft,
as the operator of the website under the domain name www.gepida.hu (hereinafter referred to as the “Website”) in the
course of providing its services via the Website, which are admitted by the
company as binding. Please read this Policy carefully before using the Website.
Data Controller and Data Processor
The data are controlled
by Olimpia Kerékpár Gyártó-, Kereskedelmi és Szolgáltató Korlátolt
Felelősségű Társaság, which operates the Website (hereinafter referred to as
the “Data Controller”).
Registered office: 1164
Budapest, Ostorhegy u 4.
Represented by: Mr.
György Berkes, executive manager
Registration number of
data management for direct marketing use (newsletters): NAIH-85152/2015
Registration number of
data management for public opinion poll or market research use: NAIH-85153/2015
Registration number of
data management for operating the “Contact Us” function: NAIH-85292/2015
The data are
processed by GrApixx Hosting
Kft (registered office: 8600 Siófok, Aradi Vértanúk útja 36.), acting for and
on behalf of the Data Controller. The Data Controller also employs Mind Center
(registered office: 1135 Budapest, Hun utca 2.) as a data processor for
carrying out public opinion polls and market researches and consumer surveys.
The Data Controller reserves its rights to involve additional data processors
in the data management in future, about which it will inform the visitors of
the Website (the “User”) through amending this Policy.
Personal data shall mean data
relating to the data subject, in particular by reference to the name and
identification number of the data subject or one or more factors specific to
his physical, physiological, mental, economic, cultural or social identity as
well as conclusions drawn from the data in regard to the data subject.
Objection shall mean a statement
of the data subject objecting to the management of his personal data and requesting
the termination of data processing and deletion of his data processed;
Data management shall mean any
operation or the totality of operations performed on the data, irrespective of
the procedure applied; in particular, collecting, recording, registering,
classifying, storing, modifying, using, querying, transferring, disclosing,
synchronising or connecting, blocking, deleting and destructing the data, as
well as preventing their further use, taking photos, making audio or visual
recordings, as well as registering physical characteristics suitable for
personal identification (such as fingerprints or palm prints, DNA samples, iris
Data transfer shall mean making the
data accessible to a specific third partner;
Disclosure shall mean making the data accessible to any person;
Data deletion shall mean making the
data unrecognizable in such a way that it is impossible to restore them;
Blocking of data shall mean marking data
with a special ID tag to indefinitely or definitely restrict their further
destruction shall mean complete physical
destruction of the data carrier recording the data;
Data processing shall mean performing
technical tasks in connection with data management operations, irrespective of
the method and means used for executing the operations, as well as the place of
execution, provided that the technical task is performed on the data;
mean any natural or legal person or organisation without legal personality
processing the data on the grounds of a contract, including contracts concluded
pursuant to legislative provisions.
Users may provide information and data about themselves in two ways:
Through personal data
the User explicitly provides or makes available during registration on the Website,
registration for the web store, registration for the Perpetual Warranty
Programme, subscription to the newsletter or in the course of using the
“Contact Us” function (see Chapter III).
made available to the Data Controller by visiting the Website and in connection
with the use thereof (see Chapter IV).
Handling of Data Explicitly Provided by the Users
1.) The Scope of Controlled Data
In connection with the services provided, the Data Controller controls
the following data of the Users:
In case of
registration on the Website
The User may
register on the Website (http://www.gepida.hu/Tamogatas/Regisztracio2),
which requires providing the following data:
on the Website, the scope of other data processed by the Data Controller
includes the date and time of registration.
In case of
registration for the Web Store
the Web Store is only allowed for our authorized partners. Subscription to the
Web Store and cancelling such subscription is controlled centrally. Here, the
system stores the following data:
In case of
registration for the Perpetual Warranty Programme
Registration for the Perpetual Warranty Programme (http://www.gepida.hu/Tamogatas/Kerekpar-regisztracio) requires providing the following data:
The model of the
The owner’s name
The owner’s e-mail
Place of purchase
Date of purchase
Number of document
certifying the purchase (invoice, receipt)
for the Perpetual Warranty Programme, the scope of data processed by the Data
Controller includes the date and time of registration.
In case of
subscribing to newsletters
On the Website, the User can subscribe to the special newsletters of Olimpia
Kerékpár Kft only, on dedicated interfaces (http://www.gepida.hu/Tamogatas/Hirlevel, and at the bottom of
the website) Subscription to newsletters requires providing the
When subscribing to newsletters, the scope of data processed by the Data
Controller includes the date and time of subscription, and consent to direct
In case of using
the “Contact Us” function
By using the “Contact us” function, the User can send a message to the
customer service of Olimpia Kerékpár Kft. For sending a message, the
following data must be provided:
Other personal data
that might be included in the message
When sending a message, the scope of data processed by the Data
Controller includes the date and time of sending the message.
Only persons aged over 16 are entitled to
submit any data on the Website.
2.) Purpose and Term of Data Management
The Data Controller
uses the above-listed data for the following purposes:
In case of registration
on the Website, ensuring certain extra functions
on the Website (momentarily, only showing the product prices). Sending
newsletters, or carrying out public opinion polls or market researches (via the
newsletters or telephone interviews) or consumer surveys if the User explicitly
In case of registration
for the Web Store, recording and
fulfilment of orders placed via the Website, delivery of products ordered,
maintain contacts in relation to the orders, making out invoices, and meeting
accounting obligations. Sending newsletters (to the e-mail address of our
traders’ company) about news affecting various traders and information about
In case of registration
for the Perpetual Warranty Programme, fulfilment of
the warranty assumed by Olimpia Kerékpár Kft, recording Users entitled to
enforce warranty, and sending newsletters, or carrying out public opinion polls
or market researches or consumer surveys (via the newsletters or telephone
interviews) if the User explicitly agrees thereto (hereinafter referred to as “Market
In case of subscribing
to newsletters, sending electronic newsletters,
advertising messages, public opinion poll or market research-related messages
popularizing the products, services and promotions of Olimpia Kerékpár Kft
(hereinafter jointly referred to as the “Newsletters”);
In case of using the
“Contact Us” function, establishing and
maintaining contact with the User, and giving reply to the User’s messages.
Data Controller may process any personal data for the length of time the
purpose of data management persists, or until the User requests deletion of his
data or withdraws his consent.
3.) Legal Grounds for Processing Personal Data
By registration on the
Website or for the Perpetual Warranty Programme or for the Web Site, or by
subscribing to the Newsletter, or by sending a message via the “Contact Us”
function, the User confirms his reading and understanding of this Policy, and
agrees to be bound by any provisions laid down therein, and, based on his
information, freely and expressly consents to the Data Controller’s processing
of his data in accordance with the provisions of this Policy. The personal data
are processed on the basis of the User’s free consent, which the User has given
based on information included herein.
The User declares that all data the User has provided are true and do not
violate other persons’ personal rights. Should the User provide another person’s personal data, the User shall
be obliged to obtain the consent of the person concerned thereto.
In specific cases,
processing, storage and transfer of certain data provided is required by legal
regulations, of which the Data Controller always notifies the data subjects.
4.) Parties Authorized to Access the Data
The Data Controller and
the Data Processors employed by the Data Controller are entitled to access the
personal data in accordance with the applicable laws.
Unless expressly laid
down in legal provisions, the Data Controller may only transfer data suitable
for personal identification to a third party after obtaining the User’s
explicit consent thereto.
5.) The User’s Rights Relating to His Data Processed
so requested by the User, the Data Controller shall provide information about
the User’s personal data processed by the Data Controller, about the source
from where they were obtained, the purpose, grounds and duration of processing,
the name and address of the data processor and on its activities relating to
data processing, and - if the personal data of the data subject is made
available to others - the legal basis and the recipients. Information may be
requested by sending an e-mail to the e-mail address firstname.lastname@example.org or by sending a letter to the
postal address of 1164 Budapest, Ostorhegy u. 4., Hungary, including the proof
of identity and stating the postal address in both cases. The Data Controller
shall reply in writing not later than 30 (thirty) days after receipt of the
request. This information is free of charge if the person requesting for
information did not request for information about the same category of data
during the current year. In other cases the Data Controller shall be reimbursed
for its costs.
User is entitled to request for correction of his personal data (by providing
the correct data), by sending an e-mail to the e-mail address email@example.com , or by sending a letter to the postal address of 1164 Budapest,
Ostorhegy u. 4., Hungary, including the proof of identity and stating the
postal address in both cases. The Data Controller shall perform the correction
in its register without delay, and notify the data subject thereof in writing.
addition to the above, the User may ask, at any time, to delete or to block,
partly or wholly, his data, without giving reasons thereto, by sending an e-mail
to the e-mail address firstname.lastname@example.org or by sending a letter to the address of 1164 Budapest, Ostorhegy u.
4., Hungary, including the proof of identity and stating the postal address in
both cases. After receiving the deletion request, the Data Controller stops the
processing of the relevant data without delay, and deregisters the User.
Data Controller shall block the personal data instead of deletion if so
requested by the User, or if there are reasonable grounds to believe that such deletion
could affect the legitimate interests of the User. Personal data blocked
thereby may only be processed until the purpose preventing the deletion of the
personal data persists.
the Data Controller fail to fulfil the User’s request for correction, blocking
or deletion of his data, the Data Controller shall communicate, in writing, the
factual or legal reasons for refusal of the request for correction, blocking or
deletion. Where correction, blocking or deletion is refused, the Data
Controller shall notify the User of the possibilities for seeking judicial
remedy or lodging a complaint with the National Authority for Data Protection
and Freedom of Information.
the User may decide at any time that the Data Controller not send any
Newsletters to him in future. The User may withdraw his consent to receiving
Newsletters at any time free of charge, without giving reasons thereto and
without limitation by clicking on the cancellation of subscription link, or
sending a mail to the e-mail address email@example.com, or by sending a
letter to the postal address of 1164 Budapest, Ostorhegy u. 4., Hungary
(indicating also the exact personal data).
After receiving the request for cancellation of subscription, the Data
Controller shall immediately delete the User’s data from its direct marketing
data base, and shall not send Newsletters to the User any longer.
User may request the Data Controller at any time not to contact him for the
purpose of Market Researches. The User may withdraw his consent to inquiries
for Market Research purposes at any time free of charge, without giving reasons
thereto and without limitation, by sending a mail to the e-mail address firstname.lastname@example.org, or by sending a letter to the postal address of 1164 Budapest,
Ostorhegy u. 4., Hungary (indicating also the exact personal data). After receiving the request, the Data
Controller shall immediately delete the User’s data from the relevant direct
marketing data base, and shall not contact the User for Market Research
purposes in future.
such withdrawal concerns direct marketing-related data management (i.e. sending
Newsletters) or Market Researches exclusively, the Data Controller shall remove
the User immediately from the relevant registers only, but the Data Controller
shall be entitled to continue processing the User’s data otherwise, e.g. in the
case of registration.
The User may object to
the processing of data relating to him,
if the personal data
are processed or transferred to fulfil the legal obligations of the Data
Controller, or enforce the rightful interests of the Data Controller, data
recipient or a third party except in the case of mandatory data processing;
if the personal data is
used or transferred for direct marketing, public opinion polls or scientific
research purposes, or
in other cases defined
Data Controller shall assess the objection within the shortest possible time,
but in any case not later than 15 days following the submission of the request,
shall decide as to merits and shall notify the applicant in writing of its
decision. If the User disagrees with the decision taken by the Data Controller,
or if the Data Controller fails to meet the above-mentioned deadline, the User
may turn to court within 30 days of the date of delivery of the decision or
from the last day of the time limit.
Information Collected Otherwise in Connection with the
Use of the Website
in Connection with the Use of the Website
If the User fails to explicitly provide data or information about
himself in accordance with all those laid down in Chapter III on the Website,
the Data Controller shall not collect or process any personal data relating to
the User in such a way that the User could be identified based thereon.
The Data Controller puts small data packages, so-called cookies on the
User’s computer in order to provide customized services. Such cookies include
information relating to the user of the website, which can make the next visit
smoother and the use of the website easier.
Except in cases required by law, such pieces of information are not
connected to other personal data of the user, i.e. the User cannot be
identified on the basis of those data. Such data can be accessed by the Data
Controller solely. The Data Controller does not disclose information collected
by using cookies to a third party.
Use of Information
collected using the above-mentioned technologies cannot be used to identify the
User; neither does the Data Controller connect such data to other data that
might be used for identification.
Such data are primarily aimed at operating the Website at the highest
possible standard in order to enhance the user experience, and operating, by
the Data Controller, the Website in an appropriate manner, which requires, in
particular, tracking data relating to visits on the Website and detection of
possible abuses in connection with the use of the Website. On the other hand,
the Data Controller may also use the data specified herein for noting the
User’s personal preferences (e.g. the most frequently viewed contents on the
In addition to the above, the Data Controller may use that information
to analyse use-related tendencies, and to improve and develop the functions of
the Website, furthermore to obtain comprehensive traffic data regarding the
entire use of the Website.
Disabling of Cookies
User may disable or enable installation of cookies on his computer in his own
Internet browser, however, it is important to note that although disabling all
cookies might help protection of personal data, this might limit the usability
of certain websites. In general, cookies can be enabled or disabled in the
Privacy setting of the menu of Tools/Settings of the Internet browsers, in the
item named Cookies.
The Data Controller
does not assume liability for the contents, and privacy and data handling
practice of other websites that can be accessed from the Website as jump
points. If the Data Controller learns that the page linked by it or the linking
violates the rights of third persons or applicable legal regulations, the Data
Controller shall remove the link from the Website without delay.
The Data Controller
shall bind itself to implement adequate safeguards to protect data, and
implement technical and organisational measures, and establish procedural rules
which can provide protection for the recorded, stored or processed data and can
provide protection against destruction, unauthorized use and unauthorized
modification thereof. The Data Controller shall also bind itself to obligate
any and all third parties to whom the Data Controller forward or transfer data
on the basis of the User’s consent to meet its data security requirements.
Data Controller makes sure that no unauthorised persons can access, make
public, transfer, modify or delete any data being processed. All data being
processed can only be accessed by the Data Controller and the employees of the
Data Processors acting for and on behalf of the Data Controller, and the Data
Controller shall not transfer such data to a third party who is not authorized
to access such data.
Data Controller shall use its best efforts to prevent data from accidental
damage or destruction. The Data Controller shall also require its employees
involved in the data processing as well as any Data Processors acting for and
on behalf of the Data Controller to meet the above obligations.
The User acknowledges
and accepts that in case of submitting his personal data on the Website, such
data cannot be fully protected on the Internet in spite of the fact that the
Data Controller has modern security tools for preventing unauthorized access
and ferreting out of data. If the data are accessed or become known without
authorization in spite of our efforts, the Data Controller shall not be liable
for such data obtainment or unauthorized access, or for any loss incurred by
the User for said reasons.
Data Controller will make every effort in order to handle personal data in
accordance with the legal regulations, but if you think we have failed to
comply with said regulations, please contact us by sending an e-mail to the
e-mail address email@example.com or by sending a letter to the postal address of
1164 Budapest, Ostorhegy u. 4., Hungary.
you think your right to the protection of personal data has been violated, pursuant
to the governing law, you can appeal to the competent authorities for legal
remedy, which are as follows:
- National Authority for Data Protection and
Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor
sent electronically are handled by the National Media and Infocommunications
Authority; detailed legislation is included in Act CXII of 2011 on the Right of
Informational Self-Determination and on Freedom of Information, and in Act
CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information
Policy is governed by the law of Hungary, in particular, the
provisions of Act CXII of 2011 on the Right of Informational Self-Determination
and on Freedom of Information.
Data Controller retains its right to unilaterally amend this Policy at any
time, without prior notice of the data subjects.
Olimpia Kerékpár Kft