The purpose of this policy is to record the Gyöngy-Harmony Ltd. (hereinafter referred to as Data Controller) the www.miraclecream.eu (hereinafter referred to as “the Website”) during the operation of the Website, visitors to the Website subscribers or personal data by other ways granted (hereinafter collectively referred to as “Concerned”) datas management. In connection with the handling of these data, the Data Controller informs the Concerned about the personal data he/she manages on the Website, the principles and practices of the processing of personal data, and about the ways and means of exercising the rights of the Parties. Valid until reversed, in case of modification, the version number must be published immediately on the company-provided interfaces.

The controller pays particular attention to the European Parliament on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and on the repeal of Regulation (EC) No 46/46 (General Data Protection Regulation) with regard to the personal data it manages EUROPEAN PARLIAMENT AND COUNCIL (EU) 2016/679 (“Regulation”) and CXII of 2011 on Information Self-Determination and Freedom of Information. (Infotv.) in accordance with the provisions of this Act.

Any Recipient shall have the right to withdraw, in whole or in part, the consent of the Data Controller to the data management, or to request the deletion of its data in the manner specified in this Prospectus.

  1. NAME OF DATA MANAGER

The datas managed by Gyöngy-Harmony Ltd. Headquarters, mailing address: 173rd Szent László str. 1237. Budapest Hungary Phone number: +3620 529 8512 E-mail: support@miraclecream.eu Tax number: 23980154-2-43 Public tax ID number: Business Registration Number: 01-09-987545

Billing in Hungary: Gyöngyi Puskás self-employed, Adress: 167rt Ady Endre str. 1204. Budapest Hungary, Phone number: +3620 529 8512 Email: support@miraclecream.eu Tax number: 71652889-1-43, Account number: 11773205-00237060 

  1. CONCEPTS

The conceptual system of these Regulations is the same as the interpreters’ interpretations of Article 4 of the General Data Protection Regulation (hereinafter referred to as the Regulation), and in some points supplemented by the Infotv. 3 § Interpretative Provisions. Personal data: Any information relating to an identified or identifiable natural person (“Concerned”); identifies a natural person who, directly or indirectly, in particular by reference to an identifier, such as name, number, positioning data, online identifier or one or more factors relating to the physical, physiological, genetic, intellectual, economic, cultural or social identity of a natural person identified;  

Data Manager: It is a natural or legal person, public authority, agency or any other body that determines the purposes and means of the processing of personal data independently or with others; if the purposes and means of data processing are defined by EU or Member State law, the specific aspects of the appointment of the controller or the controller may be determined by Union or national law;

Contribution: A voluntary, concrete and clear indication of the will of the data subject by which he or she expresses his / her consent to the processing of personal data concerning him or her by means of an act expressing the declaration unambiguously;

Data handling: All operations or operations performed on personal or data files in an automated or non-automated manner, such as collection, recording, systematization, distribution, storage, transformation or alteration, query, insight, use, communication, distribution or other means of access, coordination or interconnection, restriction, deletion or destruction;

Affected by: A voluntary, concrete and clear indication of the will of the data subject by which he/she expresses his/her consent to the processing of personal data concerning him or her by means of an act expressing the declaration unambiguously;

Data processor: It is a natural or legal person, public authority, agency or any other body that processes personal data on behalf of the controller;

Privacy incident: Damage to security that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access to personal data transmitted, stored or otherwise processed;  

  1. LEGAL BASIS FOR DATA MANAGEMENT

The legal basis for data processing is the European Parliament and Council (EU data protection regulation) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and on the repeal of Regulation 95/46/EC (General Data Protection Regulation). ) Was determined in accordance with Article 6 (1) of Regulation 2016/679 (“Regulation”), which is indicated for each data management case.

The Concerned may withdraw the consent given to the data management at any time, in which case the Data Controller shall delete all personal data of the Concerned from the system. In the absence of revocation, the duration of data management in the cases involving each data management is the deadline set out in this Prospectus.

  1. DATA MANAGEMENT CASES, HANDLED DATA CIRCUIT, DATA MANAGEMENT OBJECTIVE, TIME, LEGAL BASIS
  • Purchase data on the website, ie the data processed for the performance of the contract

Purpose of data management and scope of data processed: fulfillment of orders, invoice issuance, registration of registered or unregistered purchasers, documentation of purchase and payment, fulfillment of accounting obligations, contact with ordering. When placing an order, the Data Controller sends the information about the order, e-mails related to the payment transaction (payment of the order successful/failed) to the e-mail address of the Customer, completes the delivery to the specified shipping address and issues the invoice based on the data provided. Legal basis for data management

  • The legal basis for data management is the performance of a contract concluded with the Customer as a customer pursuant to Article 6 (1) (b) of the Regulation.
  • In the case of an invoice, the issue and preservation of the invoice is a legal obligation under the Accounting Act and the VAT Act, so in the case of the account, the legal basis for data management is Article 6 (1) (c) of the Regulation.

  Providing data is a prerequisite for signing a contract, it is essential to fulfill an order (online contract). Duration of data processing: Data of the Concerned is managed by the Data Controller after the expiry of the civil law limitation period (5 years) after the performance of the contract, but the data on the invoice must be kept by the Data Controller for 8 years. Source of data: Directly taken from the Concerned. Possible Consequences of Failure to Provide Data: The Affiliate is unable to make a purchase on the Website, because without the provision of personal data it is impossible to fulfill the order. Failure to fulfill orders due to the fact that the Data Controller will not have any data that would make the execution possible (eg delivery).

  • Website registration

Purpose of data management: Ensuring purchase on the Website as a registered user, ensuring access to a registration-related service, convenience function, avoiding the repeated submission of data by the registered User (Person) previously and automatically stored in our system.

Range of managed data: Name, E-mail address, telephone number, billing and shipping address, zip code, city, street, house number. Time of data management: The processing of personal data required during registration begins with registration and lasts until the application is deleted. If the Data Subject does not request the cancellation of his/her registration, the Data Manager shall delete the registration data from its system no later than 30 days after the termination of the Website. Legal basis for data processing:

The legal basis for data processing is the voluntary contribution of the Data Subject as a purchaser under Article 6 (1) (a) of the Regulation. Source of data: Directly taken from the Concerned. Possible Consequences of Failure to Provide Data: The Affiliate cannot use the convenience features associated with the registration, and is not entitled to create a user account.

  • Customer Lending and Contact

Purpose of Data Management: If a Concerned has a question about the Website or Products, you can contact Data Controller via the contact information at support@miraclecream.eu placed on this Prospectus and on the Website.

Data Management Duration, Managed Data: Data Controller manages the email, mail, and other personal information you have provided to him, as well as any other personal information provided in the message, from the date the data has been submitted, until his/her concerns or comments have been reached solve, answer.

Legal basis for data processing: The legal basis for data processing is the voluntary contribution of the Data Subject as a purchaser under Article 6 (1) (a) of the Regulation. Source of data: Directly taken from the Concerned. Possible Consequences of Failure to Provide Data: Lack of Customer Liaison.

  • Complaint handling, data processed for warranty administration

Purpose of Data Management: If you request the Claimant to fulfill a warranty claim related to the purchased product or handle the Complaint’s complaint by the Data Controller, it also manages the processing of personal data during the administration. The purpose of data management is to implement warranty claims and complaint handling in accordance with the legal requirements.

Scope of managed data: The Data Controller manages the name, contact details (e-mail address, phone number, postal address) and complaint of the affected person in relation to complaint handling. Legal basis for data processing:

The legal basis for data management is the fulfillment of obligations under the Consumer Protection Act and the Civil Code under Article 6 (1) (c) of the Regulation.

Duration of data processing: According to the Consumer Protection Act, the data must be retained for 5 years after the complaint is handled. Source of data: Directly taken from the Concerned.

Possible consequences of non-provision of data provision: failure to provide warranty, warranty claim, complaint, given that without the provision of personal data, the Data Controller is unable to contact, maintain and remedy the relationship with the affected person in relation to the particular case.

  • Data management for other purposes

 

  1. Newsletter, DM activity

Range of managed data: Name, email address. Purpose of data management: By subscribing, the Concerned contributes to the direct submission of a direct marketing content newsletter using the direct inquiry method. In case of subscription, the Data Controller – in the absence of any other statement, objection or objection – shall use the personal data provided by the Concerned during the subscription in order to provide the Data Controller with information, action, offer and information about its services.

Data Management Time: The Data Controller handles this data as long as the Subscriber does not subscribe to the newsletter by clicking on the unsubscribe link in the newsletter, or until he/she requests removal by email or post.

In case of unsubscribing, the Data Controller will not seek out the Affiliate with further newsletters or offers. You may unsubscribe from the Newsletter at any time, without limitation or justification, free of charge. Legal basis for data management: Voluntary consent of the data concerned. Possible Consequences of Failure to Provide Data Provision: The Affiliate does not receive a direct marketing newsletter, or does not receive the information, offer, coupon or action contained therein, and is not aware of it.

  1. Market research

Purpose of data management: registration, segmentation of market research subjects, market research based on the provision of information on the purchased product. Type of personal data handled: Name, address, e-mail address, telephone number, purchased product, other personal data provided by the Investigator during market research.

Duration of Data Management: Until the withdrawal of the Affirmative Declaration of the Data Subject. Legal basis for data management: Voluntary consent of the data subject. Only persons aged 16 and over can participate in market research. Possible Consequences of Failure to Provide Data: The Affiliate is not able to participate in market research. Legal basis for data management: Voluntary consent of the Concerned.  

  1. Review as data management:

Purpose of data management: Evaluation of the product(s). Ensuring the discount associated with the evaluation, identification. Managed Personal Information: Name, address, e-mail address, product purchased and opinion on it.

Duration of data processing: Deadline for data deletion: Until withdrawal of consent or deletion of registration. Identifiers of potential data controllers authorized to access the data and recipients of personal data: Personal data may be managed by data management marketing staff, while respecting the above principles.

The data subject agrees that the controller should publish his or her name on different surfaces, including social media.

  1. Data collected in connection with the use of the website:

 

  • Technical Data, Site Visit Details

The Data Controller does not link the data generated during the log file analysis with other information, and does not seek to identify the Person concerned. The IP address is a series of numbers that clearly identifies the computers of the People involved in the Internet. IP addresses can be used to geographically locate a visitor using that computer. The addresses of the pages visited, as well as the date and time data are not suitable for the identification of the Person concerned, but they can be used in conjunction with other data (eg provided during registration) to draw conclusions about the Concerned. Range of managed data: date, time, IP address of the affected computer, type of browser, address of the visited and previously visited website. Duration of data processing: 30 days after the Website is viewed. Legal basis for data management: Voluntary consent of the Concerned.

  • Manage Cookies

Cookies responsibility:

  • collect information about visitors and their tools
  • note the custom settings of the visitors that will be used for example using online transactions, so you don’t have to type them again;
  • make it easy to use the website;
  • provide a quality user experience.

In order to provide customized service, a small data packet, called a data packet, is available on the user’s computer. puts a cookie and reads it later. If the browser returns a previously saved cookie, the cookie provider has the ability to link the user’s current visit to the previous one, but only for its own content. Possible consequences of failure to provide data: incomplete use of the services of the Website, inaccuracy of analytical measurements.

Temporary cookie: Purpose of data management: These cookies are designed to make the Website work more efficiently and safely, so it is essential that some features of the Website or some applications work properly.

Persistent cookie: Purpose of data management: The Data Manager also uses a permanent cookie for a better user experience (eg providing optimized navigation). These cookies are stored for a long time in the browser cookie file. The duration of this depends on the settings the affected person uses in his/her web browser.

Shopping cart cookie: Data management is designed to identify users, register “shopping cart”, manage customer basket (virtuemart), ensure proper navigation. Scope of managed data: name, e-mail address, postal address, phone number, products placed in basket. Data processing time: 30 days.

Security Cookies: The purpose of data management is to identify the current session of the data subject, to prevent unauthorized access. Managed Data: IP address. Data processing time: 30 days

Passwords for password protected session cookies: This cookie is used to identify the data subject after entering the information society service; Identification of the data subject is necessary to avoid interruption of communication with the server on the communications network). Range of managed data: e-mail address, IP address Data management time: 30 days.

Deleting cookies The Concerned has the right to remove the cookie from his computer or to disable the use of cookies in his browser. Usually, you can use cookies in the Tools/Options menu of your browsers under the Privacy/History/Custom Settings menu, with a cookie, cookie, or tracking name. If you are interested in finding out more about what cookies your browser uses, please visit one of the following websites for your browser:

Google Chrome (https://support.google.com/chrome/answer/95647?hl=hu )

Mozilla Firefox (https://support.mozilla.org/hu/kb/sutik-engedelyezese-es-tiltasa-amit-weboldak-haszn )

Windows Internet Explorer (https://support.microsoft.com/hu-hu/help/260971/description-of-cookies ) Possible consequences of non-delivery of data: incomplete use of the services of the Website, inaccuracy of analytical measurements.  

  1. Data management by external service providers

The portal’s HTML code contains links from an external server and pointing to an external server, independent of the Data Controller. The server of the external service provider is directly connected to the data subject’s computer. Please note that the service providers of these links are able to collect the Concerned due to the direct connection from their server and the direct communication with the Concerned’s browser.

The interface of the Website may contain information, in particular advertisements, coming from third parties, advertising providers not affiliated with the Data Controller. These third parties may also place cookies, web beacons on the Concerned’s computer, or collect data using similar technologies in order to send an advertising message addressed to the Concerned in connection with their services. In such cases, the data management is governed by the data protection rules set forth by these third parties, and the Data Controller assumes no responsibility whatsoever with regard to such data management.

Content that may be personalized for the Concerned is served by the server of the external service provider. The data controllers listed below can provide detailed information on the management of data by an external service provider.

External service providers place and read a small data packet called a cookie on the concerned’s computer for personalized service. If the browser returns a previously saved cookie, the service providers managing it will be able to link the current Visitor’s visit to the previous one, but only for their own content.

Your Ad Manager ads may be displayed on third-party websites (Google). These third-party service providers (Google) use cookies to record that the Concerned has previously visited the Data Controller Website and, based on this, to serve ads on a personalized basis to the Concerned (i.e. remarketing activity). Possible consequences of non-provision of data: Incomplete availability of website services, inaccuracy of analytical measurements.

  • Cookies placed by Google Analytics

Purpose of Data Management: External servers help you independently measure and audit website traffic and other web analytics data (Google Analytics). These cookies are not capable of personally identifying the Concerned (they also only partially record the IP address used).

They collect information such as Affected by which part of the Website you clicked, how many pages it visited, etc. The Data Controller intends to use this data for the purpose of improving the Website and improving the experience provided to the Concerned. Data controllers can provide detailed information on data management to the Concerned.  

Google Analytics uses the following analytics cookies: If the Data Subject does not want Google Analytics to measure the data as described and for the purpose described, install the blocking add-on in your browser. Scope of data managed: IP Address Duration of data management: 14 months Legal basis for data management: Voluntary consent of the Concerned. For more information on data management at www.google.com/analytics, please visit http://www.google.com/intl/en/policies/. The document “How Google Uses Information When You Use a Partner’s Site or App” is available at: www.google.com/intl/en/policies/privacy/partners

  • Google Adwords

Purpose of Data Management: The Website uses Google Adwords remarketing tracking codes. This is based on the fact that you can later use Data Manager to visit your site with remarketing ads on web pages that are part of the Google Display Network. In order for the Data Controller to collect data about the Concerned in this way, the Concerned’s consent is required. Remarketing code uses cookies to tag visitors. Users of the Website may disable these cookies by visiting the Google Ads Preferences Manager and following the instructions there. After that, they will not receive personalized offers from Data Controller. If the Concerned does not want to see remarketing ads, you can also opt out of Google’s use of cookies in your Google Advertising settings. https://adssettings.google.com/authenticated Scope of data managed: IP address, email address, search history Duration of data management: 30 days Legal basis for data management: Voluntary consent of the Concerned.

  1. Other data management

The Data Controller informs Stakeholders that, under the authority of a court, prosecutor, investigating authority, offense authority, administrative authority, National Data Protection and Freedom of Information Authority or other legal entities, they can contact the controller. The controller shall disclose personal data to authorities, provided that the authority has indicated the exact purpose and scope of the data, only to the extent and to the extent strictly necessary for the purpose of the request.

  1. DATA PROCESSING

The Data Controller shall have the right, in accordance with the applicable law, to perform certain technical operations or the provision of services, delivery, etc. use a data processor. The data processor is only entitled to execute the instructions and decisions of the Data Controller.  

Name: ComplExpress Logistics Ltd.

Headquarters: 89-95 Szentendrei str 1033. Budapest, Hungary

Email info@complexpress.hu Activity:

Courier services, warehousing, logistics activities

Company Registration Number: 01-09-980739

Tax number/Community tax number: 12132553-2-41

Data transmitted: IP address, user name, telephone number, e-mail address, postal code, shipping address and name, pick-up address and name, bank account number, message up to 30 characters for the courier. Purpose of Data Transfer: Product Delivery.

 

 

GLS General Logistics Systems Hungary Package Logistics Ltd. (exclusively within Hungary)
2351 Alsónémedi
GLS Európa u. 2.
info@gls-hungary.com

Company Registration
Number : 13-09-111755

VAT number:
12369410-2-44

Community tax number:
HU12369410

Information on Online Consumer Dispute Resolution:
The EU Commission

 Data transmitted: IP address, user name, telephone number, e-mail address, postal code, shipping address and name, pick-up address and name, bank account number, message up to 30 characters for the courier. Purpose of Data Transfer: Product Delivery exclusively within Hungary.

 

 

Name: BUCHMESTER LTD. Headquarters: 20. Bánki Donát str. 2360. Gyál, Hungary

Email address: buchmester.egei@gmail.com

Activity: Bookkeeping Company number: 13-09-195407

Tax number: 24174187-2-13

Scope of data transmitted: billing details name: buyer/company name, zip code, shipping/accounting address, product name, amount paid.  

 

Name: ProfiTárhely Kft.

Headquarters: 23. Szolnoki str. 6000. Kecskemét, Hungary

Phone: 0620 254 0866

Email: ugyfelszolgalat@profitarhely.hu  

Fact of data management, scope of data processed: All personal data provided by the Concerned.

Stakeholders: All stakeholders who use the site.

Purpose of data management: To make the website accessible and to operate it properly.

Duration of data processing, time limit for deletion of data:

The data processing shall continue until the termination of the agreement between the data controller and the hosting provider or the request for deletion of the Concerned to the hosting provider. Legal basis for the processing: Article 6 (1) (c) and (f), and Article CVIII of Act CVIII of 2001 on certain aspects of electronic commerce and information society services. 13/A §. (3). It is in the legitimate interest of the website to operate properly, and to be protected from attacks and fraud.  

  1. DATA SECURITY

The Data Controller shall take all reasonable measures necessary to ensure the security of the data and shall ensure an adequate level of protection of the data, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, and accidental destruction or damage. The Data Controller shall select and operate the IT tools used to manage the personal data in the course of the provision of the service in such a way that the managed data:

  • accessible to authorized persons (availability);
  • authenticity and authentication are guaranteed (authenticity of data management);
  • unchangeability can be demonstrated (data integrity);
  • be protected against unauthorized access (data confidentiality).

The data handler retains it during data management:

  • confidentiality: protects the information so that only authorized persons have access to it;
  • integrity: protects the accuracy and completeness of the information and the method of processing;
  • Availability: Ensures that when an authorized user needs it, they can truly access the information they need and have the tools to do so.
  1. CONCERNED’S RIGHTS

1.) Information and access to personal data The Concerned has the right to access the personal data stored by the Data Controller and information related to their processing; check what data is stored by the Data Controller and have the right to access your personal data. The Concerned shall submit his/her request for access to the Data in writing (by e-mail or post) to the Data Controller at the following contact details:

Link (URL): https://miraclecream.eu/contact/

E-mail adress support@miraclecream.eu Postal adress 173rd Szent László str 1237. Budapest, Hungary

The Controller shall provide the information to the Concerned in a widely used electronic format, unless the Concerned requests it in writing (by e-mail or on paper). Upon the oral request, the Data Controller shall not provide information regarding the management and storage of data by telephone. In the case of exercise of the right of access, the information shall include:

  • definition of the scope of the data processed, purpose, time, legal basis of the data processed,
  • transfer of data: to whom the data have been or will be transmitted,
  • data source designation.

For the first time, the Data Controller shall provide the Concerned with a copy of his or her personal data free of charge electronically. Following the disclosure, if the Concerned disagrees with the data management and the correctness of the data processed, he/she may request the rectification, addition, deletion, restriction of processing of his/her personal data as set out in section 7, may request the rectification, addition, deletion, restriction of processing of your personal data concerning you, objection to the processing of such personal data or initiate the procedure set out in paragraph 8.

2.) Right to rectify or complete personal data processed At the written request of the Concerned, the Data Controller shall correct without undue delay the personal data indicated by the Concerned in writing, and shall complete the incomplete data with the content indicated by the Concerned. The Data Controller shall inform all recipients with whom the personal data have been provided of the rectification or supplement, unless it proves impossible or requires a disproportionate effort. The Concerned shall inform the addressees of such recipients upon written request.

3.) Right to Restrict Data Management The controller shall lock personal data instead of deletion if the data subject so requests or if the information available to him/her indicates that deletion would harm the Concerned’s legitimate interests. The personal data so locked up may only be processed for as long as the purpose of the data management, which precludes the deletion of the personal data, exists. When locking data, the controller will provide the personal data with an identifier to limit its further processing for a definite or definite period of time. The Data Controller shall promptly, but at the latest within 30 days, complete the blocking of personal data. The Concerned may, by written request, request the Data Controller to restrict the processing of his or her data if:

  • the Concerned disputes the accuracy of the personal data, in which case the limitation applies to the period during which the Data Controller can verify the accuracy of the personal data,
  • the processing of the data is unlawful and the Concerned objects to the deletion of the data and asks instead to restrict their use,
  • The Data Controller no longer needs personal data for the purpose of data management, but the Concerned requires it to submit, assert or defend legal claims,
  • the Concerned objects to the data processing: in this case the restriction shall apply for a period of time until it is determined whether the data controller’s legitimate reasons take precedence over the Concerned’s legitimate reasons.

Except for storage, personal Concerned to limitation may only be processed with the consent of the Data subject, or for the purpose of filing, asserting or defending legal claims, or protecting the rights of other natural or legal persons, or during important Union or Member State The Data Controller shall inform the Concerned whose request it has restricted data management in advance of the lifting of the data management restriction.  

4.) Right to delete (forget) At the request of the data subject, the controller shall delete or block the personal data contained in the request. When erasing data, the controller makes personal data unrecognizable in such a way that it is no longer possible to recover it The Concerned shall have the right, upon request, to delete personal data relating to him without undue delay on any of the following grounds:

  • personal data are no longer needed for the purpose for which they were collected or otherwise processed by the Data Controller
  • the Concerned withdraws his consent as a basis for data processing and there is no other legal basis for data processing
  • the Concerned objects to the data management and there is no legitimate reason for the data management
  • the Concerned objects to the processing of personal data concerning him for direct marketing purposes
  • personal data is unlawfully processed by Data Controller
  • personal data must be deleted in order to comply with a legal obligation under Union or Member State law applicable to the controller;
  • personal information was collected in connection with the provision of information society services directly to children.

In addition to the deletion of data at the request of the data subject, the controller shall delete the personal data if:

  • its management is unlawful;
  • incomplete or incorrect and this condition cannot be legally remedied, unless cancellation is excluded by law;
  • the purpose of data management has ceased to exist or the statutory time limit for the storage of data has expired;
  • it has been ordered by a court or by the Authority.

The Concerned may not exercise the right of deletion or forgetting if data management is required:

  • for the exercise of the right to freedom of expression and information
  • to fulfill an obligation under the Union or national law applicable to the controller for the processing of personal data or to perform a task in the public interest or in the exercise of official authority vested in the controller;
  • in the field of public health or for archival, scientific and historical research or statistical purposes in the public interest;
  • or to submit, enforce, or defend legal claims.

  5.) Right to portability If the data management is necessary for the performance of the contract or the data management is based on the voluntary consent of the data subject, the data subject has the right to request that the data provided by the data subject to the data controller be received in a machine-readable form. If technically feasible, you may request that the data be transferred to another controller. In all cases, the data provided by the Data subject are limited in their right of access, and the portability of other data is not possible. (e.g. stats, etc.) The Concerned’s personal data (eg when signing up for a newsletter) in the Data Management System:

  • in a well-defined, widely used, machine-readable format,
  • authorized to transfer to another controller,
  • request the transfer of data directly to another data controller – if technically feasible in your Data Management System.

The Data Controller shall only comply with the request for data portability on the basis of a written request by e-mail or post. Compliance with the request requires the Data Controller to ascertain that the entitled Concerned really wishes to exercise this right. Concerned to this right, the Concerned may request the portability of the data that he or she has provided to the Data Controller. The exercise of the right does not automatically entail the deletion of the data from the Data Management Systems and therefore the Concerned will continue to be registered in the Data Management Systems after the exercise of this right, unless he or she also requests the deletion of his or her data.

6.) Protest against the processing of personal data The Concerned may, by means of a statement to the Data Controller, object to the processing of his or her personal data if the legal basis for such processing is:

  • Article 6 of the GDPR. In the public interest referred to in paragraph 1 (e), or
  • a legitimate interest within the meaning of Article 6 (1) (f) of the GDPR.

In the event of the exercise of the right of objection, the Data Controller may not further process personal data unless he proves that the processing is justified by compelling legitimate grounds that override the interests, rights and freedoms of the Concerned or related to the filing, enforcement or protection of legal claims. The Data Controller shall make a determination that the data processing is justified by compelling legitimate reasons. It shall inform the data subject of its position on the matter The Concerned can also object in writing (by email or by mail) or, in the case of a newsletter, by clicking the unsubscribe link in the newsletter.  

7.) Application deadline, procedural rules The Data Controller shall, without undue delay, but in – 6.6. shall, within one month of receipt of any request under paragraph 1, inform the Concerned of the action taken. If necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months, but in this case the Data Controller shall inform the Concerned within one month of receipt of the request supervisory authority and may have recourse to the courts.

If the Concerned’s request is manifestly unfounded or excessive (in particular due to its repetitive character), the Data Controller may charge a reasonable fee for refusing the request or refuse to act on the request. It is up to the Data Controller to prove this. If the Concerned has submitted the request electronically, the Data Controller will provide the information electronically, unless otherwise requested by the Concerned. Unless it proves impossible or requires a disproportionate effort, the Data Controller shall inform any recipient of any rectification, erasure or restriction on the processing of personal data with whom or to whom the personal data have been communicated. At the request of the Concerned, the Data Controller shall inform these recipients.

8.) LEGISLATIVE OPTIONS The Concerned may exercise his/her rights by e-mail or by written request through the contact details specified in Section 1. The Concerned cannot enforce his or her rights if the Data Controller proves that he or she is not in a position to identify the Concerned. If the Data Controller has any doubts about the identity of the natural person who submitted the request, he/she may request additional information necessary to confirm the identity of the applicant. Pursuant to Info.tv, the Decree and the Civil Code (Act V of 2013):

  1. National Privacy and Freedom of Information Authority (22/c. Erzsébet Szilágyi fasor 1125. Budapest, Hungary; www.naih.hu) or
  2. You can assert your rights in court. The person concerned may also, at his option, bring the action before the competent court in the place where he is domiciled.

Compensation and damages: Any person who has suffered material or non-pecuniary damage as a result of a violation of the Regulation shall be entitled to compensation from the Data Controller or the data processor for the damage suffered. The Data Controller shall only be liable for damages caused by the data processing if he/she has failed to comply with the obligations specifically imposed on the data processors by the law, or if he/she has disregarded or acted contrary to the lawful instructions of the Data Controller. The Data Controller and the Data Processor shall be released from liability if they prove that they are not liable in any way for the event giving rise to the damage.  

9.) MANAGING PRIVACY INCIDENTS A privacy incident is a security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access to personal data that is transmitted, stored or otherwise handled. The Data Controller shall keep records for the purpose of monitoring the measures related to the data protection incident, informing the supervisory authority and informing the Concerned, including the scope of personal data related to the incident, the scope and number of data subjects, date, circumstances, effects and measures taken. Unless there is a risk to the rights and freedoms of natural persons, the Controller shall inform the Concerned and the Supervisory Authority of the incident without undue delay, but no later than 72 hours after the occurrence of the incident.

10.) MISCELLANEOUS PROVISIONS The Data Controller reserves the right to unilaterally modify this Privacy Policy without prior notice to the Stakeholders via the Website. Amendments shall enter into force on the date specified in the notice unless the Concerned objects to the amendments.

If the Concerned has provided third party data in order to use the service, to subscribe to the newsletter or for any other purpose, or has caused any damage in the use of the Website, the Data Controller shall be entitled to claim compensation from the Concerned. The Controller does not verify the personal data provided to him. The accuracy of the information provided is the sole responsibility of the person providing it.

At the time of providing any personal information, any Affected Person shall be responsible for ensuring that only the personal information provided is used by him/her.

11.) AMENDMENT OF DIRECTIVES From time to time, we may update our Privacy Policy, which will notify you of any changes. We will notify you by email and/or a prominent notice on our Website before the change takes effect, and we will update the “Privacy Date” at the top of the Privacy Policy. We recommend that you periodically review this Privacy Policy for any changes. Changes to the Privacy Policy will take effect when posted on this page.    

Contact us If you have any questions about this Privacy Policy, please contact us at support@miraclecream.eu Effective Date of this Privacy Policy: 09/08/2019.