Data Protection Policy

Data Protection and Data Management Policy of Olimpia Kerékpár Kft

 

This Data Protection and Data Management Policy (hereinafter referred to as the “Policy”) aims at stating the data protection and data processing principles and the company’s data protection and data processing policy implemented by Olimpia Kerékpár Kft, as the operator of the website under the domain name www.gepida.hu (hereinafter referred to as the “Website”) in the course of providing its services via the Website, which are admitted by the company as binding. Please read this Policy carefully before using the Website.

    

   I.       Data Controller and Data Processor

The data are controlled by Olimpia Kerékpár Gyártó-, Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság, which operates the Website (hereinafter referred to as the “Data Controller”).

 

Registered office: 1164 Budapest, Ostorhegy u 4.

Company registration number: 01-09-566339

Represented by: Mr. György Berkes, executive manager

E-mail address: berkes.gyorgy@gepida.hu.

Telephone number: +36-1-400-6065

 

Registration number of data management for direct marketing use (newsletters):  NAIH-85152/2015

Registration number of data management for public opinion poll or market research use: NAIH-85153/2015

Registration number of data management for operating the “Contact Us” function: NAIH-85292/2015

 

The data are processed by GrApixx Hosting Kft (registered office: 8600 Siófok, Aradi Vértanúk útja 36.), acting for and on behalf of the Data Controller. The Data Controller also employs Mind Center (registered office: 1135 Budapest, Hun utca 2.) as a data processor for carrying out public opinion polls and market researches and consumer surveys. The Data Controller reserves its rights to involve additional data processors in the data management in future, about which it will inform the visitors of the Website (the “User”) through amending this Policy.

      II.       Interpretative Provisions

 

Personal data shall mean data relating to the data subject, in particular by reference to the name and identification number of the data subject or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity as well as conclusions drawn from the data in regard to the data subject.

Objection shall mean a statement of the data subject objecting to the management of his personal data and requesting the termination of data processing and deletion of his data processed;

Data management shall mean any operation or the totality of operations performed on the data, irrespective of the procedure applied; in particular, collecting, recording, registering, classifying, storing, modifying, using, querying, transferring, disclosing, synchronising or connecting, blocking, deleting and destructing the data, as well as preventing their further use, taking photos, making audio or visual recordings, as well as registering physical characteristics suitable for personal identification (such as fingerprints or palm prints, DNA samples, iris scans);

Data transfer shall mean making the data accessible to a specific third partner;

Disclosure shall mean making the data accessible to any person;

Data deletion shall mean making the data unrecognizable in such a way that it is impossible to restore them;

Blocking of data shall mean marking data with a special ID tag to indefinitely or definitely restrict their further processing;

Data destruction shall mean complete physical destruction of the data carrier recording the data;

Data processing shall mean performing technical tasks in connection with data management operations, irrespective of the method and means used for executing the operations, as well as the place of execution, provided that the technical task is performed on the data;

Data processor shall mean any natural or legal person or organisation without legal personality processing the data on the grounds of a contract, including contracts concluded pursuant to legislative provisions.

 

The Users may provide information and data about themselves in two ways:

 

·         Through personal data the User explicitly provides or makes available during registration on the Website, registration for the web store, registration for the Perpetual Warranty Programme, subscription to the newsletter or in the course of using the “Contact Us” function (see Chapter III).

·         Through information made available to the Data Controller by visiting the Website and in connection with the use thereof (see Chapter IV).

 

    III.       Handling of Data Explicitly Provided by the Users

 

1.) The Scope of Controlled Data

 

In connection with the services provided, the Data Controller controls the following data of the Users:

 

a.         In case of registration on the Website

 

The User may register on the Website (http://www.gepida.hu/Tamogatas/Regisztracio2), which requires providing the following data:

 

·         Name

·         E-mail address

·         Password

 

When registering on the Website, the scope of other data processed by the Data Controller includes the date and time of registration.

 

b.         In case of registration for the Web Store

 

Registration for the Web Store is only allowed for our authorized partners. Subscription to the Web Store and cancelling such subscription is controlled centrally. Here, the system stores the following data:

 

·         Name

·         E-mail address

·         Telephone number

·         Address

·         Invoice details

 

 

c.         In case of registration for the Perpetual Warranty Programme

 

Registration for the Perpetual Warranty Programme (http://www.gepida.hu/Tamogatas/Kerekpar-regisztracio) requires providing the following data:

 

·         The model of the bicycle purchased

·         ID number

·         The owner’s name

·         The owner’s e-mail address

·         Postal address

·         Telephone number

·         Place of purchase (country)

·         Date of purchase

·         Number of document certifying the purchase (invoice, receipt)

 

When registering for the Perpetual Warranty Programme, the scope of data processed by the Data Controller includes the date and time of registration.

 

d.         In case of subscribing to newsletters

 

On the Website, the User can subscribe to the special newsletters of Olimpia Kerékpár Kft only, on dedicated interfaces (http://www.gepida.hu/Tamogatas/Hirlevel, and at the bottom of the website) Subscription to newsletters requires providing the following data:

 

·         Full name

·         E-mail address

 

When subscribing to newsletters, the scope of data processed by the Data Controller includes the date and time of subscription, and consent to direct marketing-related requests.

 

e.         In case of using the “Contact Us” function

 

By using the “Contact us” function, the User can send a message to the customer service of Olimpia Kerékpár Kft. For sending a message, the following data must be provided:

 

·         Full name

·         Telephone number

·         E-mail address

·         Other personal data that might be included in the message

 

When sending a message, the scope of data processed by the Data Controller includes the date and time of sending the message.

 

 

Only persons aged over 16 are entitled to submit any data on the Website.

 

2.) Purpose and Term of Data Management

 

The Data Controller uses the above-listed data for the following purposes:

 

·         In case of registration on the Website, ensuring certain extra functions on the Website (momentarily, only showing the product prices). Sending newsletters, or carrying out public opinion polls or market researches (via the newsletters or telephone interviews) or consumer surveys if the User explicitly agrees thereto.

·         In case of registration for the Web Store, recording and fulfilment of orders placed via the Website, delivery of products ordered, maintain contacts in relation to the orders, making out invoices, and meeting accounting obligations. Sending newsletters (to the e-mail address of our traders’ company) about news affecting various traders and information about special offers.

·         In case of registration for the Perpetual Warranty Programme, fulfilment of the warranty assumed by Olimpia Kerékpár Kft, recording Users entitled to enforce warranty, and sending newsletters, or carrying out public opinion polls or market researches or consumer surveys (via the newsletters or telephone interviews) if the User explicitly agrees thereto (hereinafter referred to as “Market Research”);

·         In case of subscribing to newsletters, sending electronic newsletters, advertising messages, public opinion poll or market research-related messages popularizing the products, services and promotions of Olimpia Kerékpár Kft (hereinafter jointly referred to as the “Newsletters”);

·         In case of using the “Contact Us” function, establishing and maintaining contact with the User, and giving reply to the User’s messages.

 

The Data Controller may process any personal data for the length of time the purpose of data management persists, or until the User requests deletion of his data or withdraws his consent.

 

3.) Legal Grounds for Processing Personal Data

 

By registration on the Website or for the Perpetual Warranty Programme or for the Web Site, or by subscribing to the Newsletter, or by sending a message via the “Contact Us” function, the User confirms his reading and understanding of this Policy, and agrees to be bound by any provisions laid down therein, and, based on his information, freely and expressly consents to the Data Controller’s processing of his data in accordance with the provisions of this Policy. The personal data are processed on the basis of the User’s free consent, which the User has given based on information included herein.


The User declares that all data the User has provided are true and do not violate other persons’ personal rights. Should the User provide another person’s personal data, the User shall be obliged to obtain the consent of the person concerned thereto.

 

In specific cases, processing, storage and transfer of certain data provided is required by legal regulations, of which the Data Controller always notifies the data subjects.

 

4.) Parties Authorized to Access the Data

 

The Data Controller and the Data Processors employed by the Data Controller are entitled to access the personal data in accordance with the applicable laws.

 

Unless expressly laid down in legal provisions, the Data Controller may only transfer data suitable for personal identification to a third party after obtaining the User’s explicit consent thereto.

 

5.) The User’s Rights Relating to His Data Processed

 

If so requested by the User, the Data Controller shall provide information about the User’s personal data processed by the Data Controller, about the source from where they were obtained, the purpose, grounds and duration of processing, the name and address of the data processor and on its activities relating to data processing, and - if the personal data of the data subject is made available to others - the legal basis and the recipients. Information may be requested by sending an e-mail to the e-mail address office@gepida.hu  or by sending a letter to the postal address of 1164 Budapest, Ostorhegy u. 4., Hungary, including the proof of identity and stating the postal address in both cases. The Data Controller shall reply in writing not later than 30 (thirty) days after receipt of the request. This information is free of charge if the person requesting for information did not request for information about the same category of data during the current year. In other cases the Data Controller shall be reimbursed for its costs.

 

The User is entitled to request for correction of his personal data (by providing the correct data), by sending an e-mail to the e-mail address office@gepida.hu , or by sending a letter to the postal address of 1164 Budapest, Ostorhegy u. 4., Hungary, including the proof of identity and stating the postal address in both cases. The Data Controller shall perform the correction in its register without delay, and notify the data subject thereof in writing.

 

In addition to the above, the User may ask, at any time, to delete or to block, partly or wholly, his data, without giving reasons thereto, by sending an e-mail to the e-mail address office@gepida.hu or by sending a letter to the address of 1164 Budapest, Ostorhegy u. 4., Hungary, including the proof of identity and stating the postal address in both cases. After receiving the deletion request, the Data Controller stops the processing of the relevant data without delay, and deregisters the User.

 

The Data Controller shall block the personal data instead of deletion if so requested by the User, or if there are reasonable grounds to believe that such deletion could affect the legitimate interests of the User. Personal data blocked thereby may only be processed until the purpose preventing the deletion of the personal data persists.

 

Should the Data Controller fail to fulfil the User’s request for correction, blocking or deletion of his data, the Data Controller shall communicate, in writing, the factual or legal reasons for refusal of the request for correction, blocking or deletion. Where correction, blocking or deletion is refused, the Data Controller shall notify the User of the possibilities for seeking judicial remedy or lodging a complaint with the National Authority for Data Protection and Freedom of Information.

 

Furthermore, the User may decide at any time that the Data Controller not send any Newsletters to him in future. The User may withdraw his consent to receiving Newsletters at any time free of charge, without giving reasons thereto and without limitation by clicking on the cancellation of subscription link, or sending a mail to the e-mail address office@gepida.hu, or by sending a letter to the postal address of 1164 Budapest, Ostorhegy u. 4., Hungary (indicating also the exact personal data).  After receiving the request for cancellation of subscription, the Data Controller shall immediately delete the User’s data from its direct marketing data base, and shall not send Newsletters to the User any longer.

 

The User may request the Data Controller at any time not to contact him for the purpose of Market Researches. The User may withdraw his consent to inquiries for Market Research purposes at any time free of charge, without giving reasons thereto and without limitation, by sending a mail to the e-mail address office@gepida.hu, or by sending a letter to the postal address of 1164 Budapest, Ostorhegy u. 4., Hungary (indicating also the exact personal data).  After receiving the request, the Data Controller shall immediately delete the User’s data from the relevant direct marketing data base, and shall not contact the User for Market Research purposes in future.

 

If such withdrawal concerns direct marketing-related data management (i.e. sending Newsletters) or Market Researches exclusively, the Data Controller shall remove the User immediately from the relevant registers only, but the Data Controller shall be entitled to continue processing the User’s data otherwise, e.g. in the case of registration.

 

The User may object to the processing of data relating to him,

·         if the personal data are processed or transferred to fulfil the legal obligations of the Data Controller, or enforce the rightful interests of the Data Controller, data recipient or a third party except in the case of mandatory data processing;

·         if the personal data is used or transferred for direct marketing, public opinion polls or scientific research purposes, or

·         in other cases defined by law.

 

The Data Controller shall assess the objection within the shortest possible time, but in any case not later than 15 days following the submission of the request, shall decide as to merits and shall notify the applicant in writing of its decision. If the User disagrees with the decision taken by the Data Controller, or if the Data Controller fails to meet the above-mentioned deadline, the User may turn to court within 30 days of the date of delivery of the decision or from the last day of the time limit.

 

    IV.       Information Collected Otherwise in Connection with the Use of the Website

 

1.)        Information Collected in Connection with the Use of the Website

 

If the User fails to explicitly provide data or information about himself in accordance with all those laid down in Chapter III on the Website, the Data Controller shall not collect or process any personal data relating to the User in such a way that the User could be identified based thereon.

 

The Data Controller puts small data packages, so-called cookies on the User’s computer in order to provide customized services. Such cookies include information relating to the user of the website, which can make the next visit smoother and the use of the website easier.

 

Except in cases required by law, such pieces of information are not connected to other personal data of the user, i.e. the User cannot be identified on the basis of those data. Such data can be accessed by the Data Controller solely. The Data Controller does not disclose information collected by using cookies to a third party.

 

 

2.)        Use of Information

 

Data collected using the above-mentioned technologies cannot be used to identify the User; neither does the Data Controller connect such data to other data that might be used for identification.

 

Such data are primarily aimed at operating the Website at the highest possible standard in order to enhance the user experience, and operating, by the Data Controller, the Website in an appropriate manner, which requires, in particular, tracking data relating to visits on the Website and detection of possible abuses in connection with the use of the Website. On the other hand, the Data Controller may also use the data specified herein for noting the User’s personal preferences (e.g. the most frequently viewed contents on the Website).

 

In addition to the above, the Data Controller may use that information to analyse use-related tendencies, and to improve and develop the functions of the Website, furthermore to obtain comprehensive traffic data regarding the entire use of the Website.

 

3.)        Disabling of Cookies

 

The User may disable or enable installation of cookies on his computer in his own Internet browser, however, it is important to note that although disabling all cookies might help protection of personal data, this might limit the usability of certain websites. In general, cookies can be enabled or disabled in the Privacy setting of the menu of Tools/Settings of the Internet browsers, in the item named Cookies.

 

  1. Links

 

The Data Controller does not assume liability for the contents, and privacy and data handling practice of other websites that can be accessed from the Website as jump points. If the Data Controller learns that the page linked by it or the linking violates the rights of third persons or applicable legal regulations, the Data Controller shall remove the link from the Website without delay. 

 

  1. Data Security

 

The Data Controller shall bind itself to implement adequate safeguards to protect data, and implement technical and organisational measures, and establish procedural rules which can provide protection for the recorded, stored or processed data and can provide protection against destruction, unauthorized use and unauthorized modification thereof. The Data Controller shall also bind itself to obligate any and all third parties to whom the Data Controller forward or transfer data on the basis of the User’s consent to meet its data security requirements.

 

The Data Controller makes sure that no unauthorised persons can access, make public, transfer, modify or delete any data being processed. All data being processed can only be accessed by the Data Controller and the employees of the Data Processors acting for and on behalf of the Data Controller, and the Data Controller shall not transfer such data to a third party who is not authorized to access such data.

 

The Data Controller shall use its best efforts to prevent data from accidental damage or destruction. The Data Controller shall also require its employees involved in the data processing as well as any Data Processors acting for and on behalf of the Data Controller to meet the above obligations.

 

The User acknowledges and accepts that in case of submitting his personal data on the Website, such data cannot be fully protected on the Internet in spite of the fact that the Data Controller has modern security tools for preventing unauthorized access and ferreting out of data. If the data are accessed or become known without authorization in spite of our efforts, the Data Controller shall not be liable for such data obtainment or unauthorized access, or for any loss incurred by the User for said reasons.

     V.       Legal Remedies

 

The Data Controller will make every effort in order to handle personal data in accordance with the legal regulations, but if you think we have failed to comply with said regulations, please contact us by sending an e-mail to the e-mail address office@gepida.hu or by sending a letter to the postal address of 1164 Budapest, Ostorhegy u. 4., Hungary.

 

If you think your right to the protection of personal data has been violated, pursuant to the governing law, you can appeal to the competent authorities for legal remedy, which are as follows:

  • National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C., Hungary)
  • court.

 

Advertisements sent electronically are handled by the National Media and Infocommunications Authority; detailed legislation is included in Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information, and in Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services.

 

 

    VI.       Miscellaneous

 

This Policy is governed by the law of Hungary, in particular, the provisions of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information.

 

The Data Controller retains its right to unilaterally amend this Policy at any time, without prior notice of the data subjects.

 

 

Budapest, 01/05/2015

Olimpia Kerékpár Kft

Data Controller