Privacy Policy
1. Purpose of the data protection and data management policy.
The purpose of this data protection and data management policy (hereinafter: the Policy) is to record the data protection and data management principles applied by BioEko Tech Hungary Kft. (hereinafter: the “Company”) and the Company’s data protection and data management policy, which the Company bindingly acknowledges and undertakes that all data processing related to its activities complies with the requirements set out in these regulations and in the applicable national legislation, as well as in the legal acts of the European Union.
It also includes the rules regarding the handling of personal data carried out by the owner of www.oxydtron.com (as Operator), available under the domain name www.oxydtron.com and its subdomains (hereafter referred to as Service), as well as information on data management.
When developing the provisions of these Regulations, the Company took into account in particular the provisions of Regulation 2016/679 of the European Parliament and of the Council (“General Data Protection Regulation” or “GDPR”), CXII of 2011 on the right to informational self-determination and freedom of information. Act (“Infotv”), Act V of 2013 on the Civil Code (“Ptk”), and Act XLVIII of 2008 on the basic conditions and certain limitations of commercial advertising activities. provisions contained in law (“Grtv.”).
The data protection guidelines related to the Company’s data management are continuously available on the Company’s website. The Company reserves the right to change this information within the legal framework, in addition to informing about possible changes.
2. Conceptual definitions:
- Personal data: data that can be associated with a specified natural person (hereinafter: Data Subject), in particular the data subject’s name and identification mark, as well as one or more pieces of information characteristic of his or her physical, physiological, mental, economic, cultural or social identity that can be deduced from the data and assigned to the data subject relevant conclusion. During data processing, personal data will retain its quality as long as the relationship with the data subject can be restored;
- Data management: regardless of the procedure used, any operation performed on the data or the set of operations, including in particular the collection, recording, recording, organization, storage, change, use, query, transmission, disclosure, coordination or connection, blocking, deletion of personal data and destruction, as well as prevention of further use of the data;
- Data controller: BioEko Tech Hungary Kft. (7030 Paks, Kurcsatov u. 10. 3/8.)
- Data processing: performing technical tasks related to data management operations, regardless of the method and tool used to perform the operations, as well as the place of application, provided that the technical task is performed on the data;
- Data destruction: complete physical destruction of the data carrier containing the data;
- Data transmission: making Personal Data available to a specific third party;
- Disclosure: making Personal Data available to anyone;
- holding organization that processes personal data on behalf of the data controller;
- Data deletion: rendering the data unrecognizable in such a way that their recovery is not possible;
- the natural person who contacts our Company in person at the Company or in an electronic message sent to any of the Company’s e-mail addresses, visits the Company’s website (www.oxydtron.hu), registers on the site, requests an offer, orders a product, and any data there gives
3. Data of the data controller
If you would like to contact our company, you can contact the data controller at info@oxydtron.com.
The Company deletes all e-mails received, together with personal data, no later than 6 years after the date of data communication.
BioEko Tech Hungary Kft.
- 7030 Paks, Kurcsatov út 10. 3/8.
- Code: 17-09-006438
- Tax number: 14303911-2-17
- Managing Director: Gabor Balogh
Details of the Data Protection Officer:
- Name: Balogh Gábor
- E-mail address: balogh.gabor@oxydtron.hu
- Telephone number: +36 20 9411839
4. Scope of processed personal data
Based on the User’s decision, the Data Controller may process the following data in connection with the use of the Services: name, place of residence, e-mail address, telephone number, date of birth, IP address of last access, date of last access. It may happen that a service provider technically related to the operation of the Services conducts data management activities on one of the websites without informing the Data Controller. Such activity does not qualify as Data Management by the Data Controller. The Data Controller will do everything in its power to filter out and prevent such data processing.
4.1 Technical data
The Company selects and operates the IT tools used to manage personal data in the course of providing the service in such a way that the managed data is accessible to those authorized to do so, the authenticity and authentication of the data is ensured, their immutability can be verified, and they are protected against unauthorized access. The Company uses appropriate measures to protect data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction.
The Company ensures the protection of the security of data management with technical, organizational and organizational measures that provide a level of protection corresponding to the risks associated with data management. During data management, the Company keeps:
- confidentiality: it protects the information so that only those who have the right to access it can access it;
- integrity: protects the accuracy and completeness of the information and the method of processing;
- availability: it ensures that when the authorized user needs it, he can really access the desired information and that the related tools are available.
4.2 Cookies
4.2.1 The purpose of cookies:
- collect information about visitors and their devices;
- remember the individual settings of the visitors, which will be used, e.g. when using online transactions, so you don’t have to type them in again;• facilitate the use of the website;
- provide a quality user experience.In order to provide customized service, a small data package, so-called it places a cookie and reads it back during the next visit. If the browser returns a previously saved cookie, the cookie management service provider has the opportunity to connect the user’s current visit with previous ones, but only with regard to its own content.
4.2.2 Absolutely necessary session cookies
The purpose of these cookies is to enable visitors to browse the www.oxydtron.comwebsite completely and smoothly, to use its functions and the services available there. They are essential for website navigation, the operation of key functions of our website and access to protected content. These cookies store the information necessary to fill out the data sheets and, in some cases, the language you have selected, and do not collect any information about you that could be used to identify you, that could be used for marketing purposes, or that would remember what other websites you visited. After closing the website, these cookies are automatically deleted and the session is closed.
4.2.3 Analytics cookies
The website www.oxydtron.hu uses the Google Analytics system of Google Inc. (“Google”) to analyze its visits. The Google Analytics system stores “cookies” on your IT device and uses them to analyze website traffic, helping to improve our website in order to enhance the user experience. The website visit data recorded in the “cookie” (including the time of the visit and your IP address) are transferred to and stored on the servers of Google USA.
Google uses this data to evaluate your website visiting habits, to compile reports on them for the Operator, and to provide other services related to the website and the use of the Internet. Users who do not want Google Analytics to report their visit can install the Google Analytics blocking browser extension. This add-on instructs the Google Analytics JavaScript scripts (ga.js, analytics.js, and dc.js) not to send visit information to Google.
Users who have installed the blocking browser extension will also not participate in content experiments. To opt-out of Analytics web activity, visit the Google Analytics opt-out page (http://tools.google.com/dlpage/gaoptout) and install the add-on for your browser. For more information on installing and uninstalling the extension, see the help for your browser.
4.2.4 Targeted (advertising)
In order to be able to provide our visitors with marketing information that best suits their interests, we may also use personalized, i.e. targeted or advertising cookies, which, however, requires your express consent, which can be given by clicking on the appropriate button in the separate text box that appears on the given web interface . These cookies collect detailed information about your browsing habits.
4.2.5 Third Party Cookies
We sometimes use external web services to display various content on our website, which may result in the storage of some cookies that we do not control, so we have no control over what data these websites or external domains collect about how you use these embedded contents.
4.3 Data related to online ordering and online administration
On our website, you can enter the following data during the order or any administration related to the Services, we process the following data: Name, Address, Telephone number, e-mail address. The data required to pay for the order must not be entered on our site, but on the site managing the service.
5. Purpose, method and legal basis of data management, use and retention period of data.
5.1 General data management guidelines
The data management of the Company’s activities is based on voluntary consent and legal authorization. In the case of data management based on voluntary consent, the data subjects may withdraw their consent at any stage of the data management.
In certain cases, the management, storage, and transmission of a range of the provided data are made mandatory by law.
We draw the attention of informants to the Company that if they do not provide their own personal data, the informant must obtain the consent of the person concerned.
Its basic data management principles are in line with the applicable legislation on data protection, and in particular with the following:
- CXII of 2011. law – on the right to self-determination of information and freedom of information (Infotv.);
- Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) – on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, as well as Regulation 95/46/EC in force (General Data Protection Regulation, GDPR)
- Act V of 2013 – on the Civil Code (Ptk.);
- Act C of 2000 – on accounting (Accounting Act);
- LIII of 2017 Act – on the prevention and prevention of money laundering and terrorist financing (Pmt.);
- CCXXXVII of 2013 Act – on credit institutions and financial enterprises (Hpt.).
5.2 Planned use and retention period of managed data
The purpose of the data management carried out by the Data Controller:
a) identification of the User, contact with the User
b) User rights (services available to the User) identification;
c) facilitating the customization of the Services used by the User, the use of convenience functions;
d) management of individual user inquiries;
e) preparation of statistics and analyses;
i) in individual cases, organizing and conducting prize games, notifying the winners and providing them with the prize;
j) in the case of a webshop service, creating a contract between the parties, defining its content, amending it, monitoring its fulfillment, delivering the ordered product or using the ordered service, invoicing the purchase price and asserting related claims, documenting the adequacy of the performance, accounting obligations fulfillment;
k) technical development of the IT system;
I) protecting the rights of Users;
m) enforcing the legitimate interests of the Data Controller
5.3 Quotation request, contact on the website.
Legal basis for data management: The request for proposals is based on voluntary consent.
Purpose of data management: Giving a personalized offer to the contracting authority and maintaining contact.
Scope and purpose of processed data:
| DATA | PURPOSE |
| Name (mandatory) | contact, identification |
| Company email (required) | maintaining contact, specifying requirements, sending an offer |
| Telephone (required) | maintaining contact, clarifying needs |
| Company name (required) | identification, making a personalized offer |
| Website | in the case of certain services, it is necessary for bidding |
| Message (required) | request for a description of the requirements necessary for submitting an offer |
Scope of stakeholders: All natural persons who request an offer from the Data Controller in connection with a given service by providing the necessary data.
Duration of data management: The Data Controller manages the data provided until the consent of the data subject is withdrawn.
Data management process:
a) the data subject applies to the Data Controller for the purpose of requesting an offer via the Request for Offer form on the Contact page of the website.
b) the Data Controller shall, if necessary, specify the requirements contained in the request for proposals with the data subject.
c) the Data Controller responds to the data subject in an e-mail message and can send a price offer.
5.4 Contact via telephone
We can see the caller’s phone number during calls made to our phone number found on our website or obtained in other ways. Of course, you can introduce yourself (name, company represented). These data are absolutely necessary. We try to encourage the caller to sign up via the form on our website, thus accepting this Data Management Notice. If this does not happen, we will not save your name and phone number.
5.5 Order and conclusion of contract
Legal basis for data management: The order is based on voluntary consent.
Purpose of data management: Delivery of the order to the Data Controller, its clarification, addition, acceptance or rejection by the Data Controller and the necessary contact.
Scope and purpose of processed data:
| Data | Purpose |
| Company name (required) | identification, contact, conclusion of contract, invoicing |
| Postal address (required) | contact, delivery of contract and invoice |
| Billing address (required) | contracting, invoicing |
| Tax number (required) | identification, contracting, invoicing |
| Company registration number (required) | identification, conclusion of contract |
| Representative’s name, phone number, e-mail address (required) | contact, conclusion of contract |
| Contact name, phone number, e-mail address (required) | contact, conclusion of contract |
Scope of stakeholders: All natural persons who order a service from the Data Controller by providing the necessary data.
Duration of data management: The Data Controller manages the data provided until the consent of the data subject is withdrawn.
Data management process:
a) the data subject contacts the Data Controller for the purpose of placing an order in the way he/she chooses (in person, by telephone, by e-mail, in other forms).
b) the Data Controller clarifies the requirements with the data subject if necessary.
c) the Data Controller makes an offer to the customer and/or sends him a contract.
d) the Data Controller shall provide the customer with performance according to the contract after the offer and/or the contract has been accepted by the customer.
e) the customer issues a certificate of completion.
f) the Data Controller issues an invoice to the customer, and after paying it, archives the generated documents.
5.6 Presence and marketing on social media sites
Designation of social media sites: Facebook, Instagram, Google+, Pinterest
Legal basis for data management: Data management related to the Data Controller’s profile on social media sites is based on voluntary consent.
Purpose of data management: Sharing the contents of the Data Controller’s website on social media, drawing attention to this, marketing.
Scope and purpose of processed data:
| Data | Purpose |
| Name | identification |
| Used photo | identification |
| Comment | expression of opinion |
| Evaluation | expression of opinion, mood |
| Content of the question / request | response input data |
Scope of stakeholders: All natural persons who visit and follow the social media pages of the Data Controller, like/dislike the content posted there, and share them among their acquaintances in whole or in part.
Duration of data management: until the page is deleted, until the page is liked by the data subject, until the data subject’s deletion operation.
5.7 Data management related to bank data
Legal basis for data management: Providing data related to bank transfers is based on voluntary consent.
Purpose of data management: facilitating financial performance on the part of the data subject.
Scope and purpose of processed data:
| Data | Purpose |
| Name (name of account holder) | identification |
| E-mail address / postal address | required to send the advance request and invoice |
| Bank account number | identification |
| Bank Noticie | identification |
| Amount | necessary for performance |
Stakeholders: All natural persons who wish to pay by bank transfer.
Duration of data management: In accordance with the accounting rules in force.
Data management process:
a) The data controller sends an advance request/invoice to the e-mail/postal address of the person concerned.
b) the data subject transfers the appropriate amount to the Data Controller’s bank account.
c) The data controller checks the transfer.
d) the data related to the transfer are included in the Data Controller’s accounting, which can only be accessed by an accountant who has a contractual relationship with the Data Controller, as a data processor in this regard.
5.8 Complaint handling
Filing a complaint is based on voluntary consent, but in the case of a complaint, the processed data is in accordance with the CLV of 1997 on consumer protection. mandatory by law.
A complaint:
a) at the e-mail address info@oxydtron.hu, with the word COMPLAINT in the “Subject” section of the e-mail, or
b) by filling out the form on the “Contact” sub-page of the http://www.oxydtron.hu/ website, by entering the word COMPLAINT in the “Message” field, or
c) by post to BioEco Tech Kft. 7030 Paks, Kurcsatov út. 10. 3/8 can be sent to the Data Controller at the mailing address.
Scope of stakeholders: All natural persons who wish to communicate a complaint orally or in writing regarding the service ordered or used and/or the behavior, activities or omissions of the Data Controller.
The purpose of data management: to establish that the complaint has been communicated, to identify the complaint of the person concerned, to record mandatory data from the law, and to maintain contact.
Data management period: the Data Controller manages the record of the complaint and the copy of the response for 5 years from their recording in accordance with the relevant and effective Fgytv. 17/A § 7. based on, mandatory.
Scope and purpose of processed data:
| Data | Purpose |
| Complaint ID | identification |
| Name | identification |
| Date of receipt of complaint | identification |
| Phone number | Contact |
| Time of call | identification |
| Personal data provided during a conversation | identification |
| Billing / mailing / e-mail address | kapcsolattartás |
| Complained service / behavior | complaint investigation |
| Attached documents | complaint investigation |
| Reason for complaint | complaint investigation |
| Complaint | complaint investigation |
The Fgytv. in accordance with its provisions, the contractor must respond to the written complaint within thirty days after its receipt, or if the law establishes a shorter deadline, by the expiration of that deadline and take steps to communicate it. The company is obliged to justify its position rejecting the complaint.
Data management process:
a) the data subject communicates his complaint to the Data Controller in the manner of his choice.
b) in the case of a verbal complaint, the Data Controller takes a record of the complaint.
c) the Data Controller examines all the circumstances of the complaint and responds to it based on these.
d) the Data Controller strives to settle the complaint in a way that is satisfactory to the complainant
6. Physical storage locations of the data
Your personal data (that is, the data that can be linked to your person) can be processed by us in the following way: on the one hand, in connection with maintaining the Internet connection, technical data related to the computer you use, browser program, Internet address, and visited pages are automatically generated by Google Analytics system, on the other hand, you can also enter your name, contact information or other data if you wish to contact us personally when using the website or use our request for proposal/webshop service.
7. Data transmission, data processing, the circle of those familiar with the data
In addition to the Data Protection Officer of our company, after May 25, 2018, some External Service Providers will record, manage, or processed.
Our company and the website www.oxydtron.com are connected to the following external service providers:
- Google Analytics, Google AdWords
- Manager of tomorrow: AFF Bt.
- Hosting provider: ATW Internet Kft.
- In case of execution: Oxydtron Technical Kft. (7030 Paks, Dózsa György út 13.)
According to these regulations, data processors:
Receiving and sending emails:
Gmail – Google Inc., Mountain View, California, USA Data protection guidelines: https://policies.google.com/privacy?hl=hu (Access to correspondence and all its data.)
Facebook page:
Facebook Inc. Menlo Park, California, USA Data management information: https://www.facebook.com/about/privacy/update(Access to the user’s name and comments.)
Google page:
Google Inc., Mountain View, California, USAData protection guidelines: https://policies.google.com/privacy?hl=hu(Access to the user’s name and comments.)
Pinterest page:
Pinterest-Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, IrelandData management information: https://policy.pinterest.com/hu/privacy-policy(Access to visit data.)Google
Analytics:
Google Inc., Mountain View, California, USAData protection guidelines: https://policies.google.com/privacy?hl=hu(Access to the anonymized, non-personally identifiable IP address of website visitors.)
Data transfer to a third country:
The third country to which data is transferred is the United States of America. A compliance decision was reached with the USA on July 12, 2016 (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy- shield_en), which is also observed by Google (https://policies.google.com/privacy/frameworks) and Facebook (https://www.facebook.com/about/privacyshield).
8. Affected rights and legal enforcement options
The data subject can request information about the processing of his personal data, and can request the correction of his personal data, or – with the exception of mandatory data processing – deletion or withdrawal, he can exercise his right to data portability and protest in the manner indicated when the data was collected, or at the above contact details of the data controller.
8.1 Right to information
The Company takes appropriate measures in order to provide the data subjects with all the information mentioned in Articles 13 and 14 of the GDPR and Articles 15-22 regarding the processing of personal data. and provide each piece of information according to Article 34 in a concise, transparent, comprehensible and easily accessible form, clearly and comprehensibly worded.
8.2 Data subject’s right of access
The data subject has the right to receive feedback from the data controller as to whether his personal data is being processed, and if such data processing is underway, he is entitled to access the personal data and the following information:
- the purposes of data management;
- categories of personal data concerned;
- the recipients or categories of recipients to whom or to whom the personal data has been or will be communicated, including in particular recipients in third countries and international organizations;
- the planned period of storage of personal data;
- the right to rectification, deletion or restriction of data processing and the right to object;
- the right to submit a complaint to the supervisory authority;
- information about data sources; the fact of automated decision-making, including profiling, as well as understandable information about the applied logic and the significance of such data management and the expected consequences for the data subject.
8.3 Right of rectification
The data subject may request the correction of inaccurate personal data concerning him/her managed by the Company and the addition of incomplete data.
8.4 Right to erasure
If one of the following reasons exists, the data subject is entitled to have the Company delete the personal data relating to him/her without undue delay upon request:
personal data are no longer needed for the purpose for which they were collected or otherwise processed;
the data subject withdraws the consent that forms the basis of the data management, and there is no other legal basis for the data management;
the data subject objects to data processing and there is no overriding legal reason for data processing;
personal data were handled illegally;
personal data must be deleted in order to fulfill the legal obligation prescribed by EU or member state law applicable to the data controller;
the collection of personal data took place in connection with the offering of services related to the information society.
Data deletion cannot be initiated if data management is necessary: for the purpose of exercising the right to freedom of expression and information; for the purpose of fulfilling the obligation under the EU or Member State law applicable to the data controller requiring the processing of personal data, or for the execution of a task performed in the public interest or in the context of the exercise of public authority conferred on the data controller; affecting the field of public health, or for archival, scientific and historical research purposes or for statistical purposes, on the basis of public interest; or to submit, assert or defend legal claims.
8.5 Right to restriction of data processing
At the request of the data subject, the Company restricts data processing if one of the following conditions is met:
- the data subject disputes the accuracy of the personal data, in this case the limitation for that period of time
- applies, which allows checking the accuracy of personal data;
- the data management is illegal and the data subject opposes the deletion of the data and instead requests the restriction of its use;
- the data controller no longer needs the personal data for the purpose of data management, but the data subject requires them to submit, enforce or defend legal claims; obsession
- the data subject objected to data processing; in this case, the restriction applies to the period until it is determined whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject.
If data management is subject to restrictions, personal data may only be processed with the consent of the data subject, with the exception of storage, or to submit, enforce or defend legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the Union or a member state.
8.6 Right to data portability
The data subject has the right to receive the personal data concerning him/her provided to the data controller in a segmented, widely used, machine-readable format, and to forward this data to another data controller.
8.7 Right to protest
The data subject has the right to object at any time for reasons related to his own situation to the processing of his personal data necessary for the performance of a task carried out in the public interest or within the framework of the exercise of public authority granted to the data controller, or the processing necessary to enforce the legitimate interests of the data controller or a third party, including profiling based on the aforementioned provisions too. In the event of a protest, the data controller may no longer process the personal data, unless it is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or that are related to the presentation, enforcement or defense of legal claims.
8.9 Automated decision-making in individual cases
The data subject has the right not to be covered by the scope of a decision based solely on automated data management, including profiling, which would have a legal effect on him or affect him to a similar extent.
8.9 Right of Withdrawal
The data subject has the right to withdraw his consent at any time.
8.10 Legal enforcement options:
Right to go to court
In the event of a violation of their rights, the data subject may apply to the court against the data controller. The court acts out of sequence in the case.
Data protection official procedure
- Complaints can be made to the National Data Protection and Freedom of Information Authority:
- Name: National Data Protection and Information Freedom Authority
- Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
- Mailing address: 1530 Budapest, Pf.: 5.
- Telephone: +3613911400
- Fax: +3613911410
- E-mail: ugyfelszolgalat@naih.hu
- Website: http://www.naih.hu
9. Other provisions
We provide information on data management not listed in this information when the data is collected.
We inform our customers that the court, the prosecutor, the investigative authority, the infringement authority, the public administrative authority, the National Data Protection and Freedom of Information Authority, the Hungarian National Bank, or other bodies based on the authorization of the law, provide information, communicate data, transfer documents, or they can contact the data controller to make it available. Our company only discloses personal data to the authorities – if the authority has specified the exact purpose and scope of the data – to the extent and to the extent that is absolutely necessary to fulfill the purpose of the request.
