Data processing information

Purpose of the data processing information

GREENSTAR INTERNATIONAL KFT (1027 Budapest, Horvát utca 14-24, hereinafter referred to as the service provider, data controller) as the data controller, acknowledges the content of this legal notice as binding on itself. It undertakes to ensure that all data processing related to its activities complies with the requirements set out in this policy and in the applicable national legislation and legal acts of the European Union.

The data protection policies related to the data processing of the Data Controller are continuously available at https://www.my-algae.eu/gdpr .

The Data Controller reserves the right to change this information at any time. Of course, it will inform its audience of any changes in due time. If you have any questions related to this announcement, please write to us and our colleague will answer your question.

The Data Controller is committed to protecting the personal data of its customers and partners and considers it of utmost importance to respect the customers' right to informational self-determination. The Data Controller treats personal data confidentially and takes all security, technical and organizational measures to guarantee the security of the data.

The Data Controller describes its data processing practices below.

Data controller's data

If you would like to contact our Company, you can contact the data controller at info@greenstar.hu and +36312000585.

The Data Controller deletes all emails received, including all personal data, no later than 8 years after the data was disclosed.

Name: GREENSTAR INTERNATIONAL LTD.

Headquarters: 1027 Budapest, Horvát Street 14-24

Company registration number: 01-09-379540

Name of the registering court: Commercial Court of the Metropolitan Court

Tax number: 29027640-2-41

Phone number: E-mail: +36312000585, info@greenstar.hu

Data Protection Officer

Name: Attila Csaba Kovacs

Phone number: +36312000585

Scope of personal data processed

Personal data to be provided during registration

Name, shipping address, email, phone. Optionally, billing address, tax number.

Technical data

The Data Controller selects and operates the IT tools used to manage personal data during the provision of the service in such a way that the managed data:

accessible to those authorized to do so (availability);
its authenticity and authentication are ensured (authentication of data processing);
its immutability can be verified (data integrity);
be protected against unauthorized access (data confidentiality).

The Data Controller takes appropriate measures to protect the data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction.

The Data Controller ensures the security of data processing by implementing technical, organizational and organisational measures that provide a level of protection appropriate to the risks associated with data processing.

The Data Controller retains the following during data processing:

confidentiality: protects information so that only those who are authorized to access it can access it;
integrity: protects the accuracy and completeness of the information and the processing method;
Availability: ensures that when the authorized user needs it, they can actually access the desired information and that the related tools are available.

The role of cookies

collect information about visitors and their devices;
they remember visitors' personal settings, which can be used, for example, when making online transactions, so they do not have to be re-entered;
make the website easier to use;
they provide a quality user experience.

In order to provide a personalized service, a small data package, called a cookie, is placed on the user's computer and read back during a subsequent visit. If the browser sends back a previously saved cookie, the cookie management service provider has the opportunity to connect the user's current visit with previous ones, but only with regard to its own content.

Duration of data processing

The data storage period of the given cookie, more information is available here:

Google general cookie information:

https://www.google.com/policies/technologies/types/

Google Analytics information: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=hu

Facebook information: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

Legal background and legal basis of cookies:

The legal basis for data processing is your consent pursuant to Article 6(1)(a) of the Regulation.

The main characteristics of the cookies used by the website:

Strictly Necessary Cookies: These cookies are essential for the use of the website and enable the use of basic functionalities of the website. Without them, many of the website's functionalities will not be available to you. The lifespan of these types of cookies is limited to the duration of the session only.

Cookies to improve user experience: These cookies collect information about the user's use of the website, for example, which pages are visited most often or what error messages are received from the website. These cookies do not collect information that identifies the visitor, i.e. they work with completely general, anonymous information. We use the data obtained from them to improve the performance of the website. The lifespan of this type of cookie is limited only to the duration of the session.

Third-party cookies (analytics)

Google Adwords cookie: When someone visits our site, the visitor's cookie ID is added to the remarketing list. Google uses cookies, such as NID and SID cookies, to personalize the ads you see on Google products, such as Google Search. For example, Google uses such cookies to remember your recent searches, your previous interactions with ads or search results from individual advertisers, and your visits to advertisers' websites. AdWords conversion tracking uses cookies. It saves cookies on a user's computer when a person clicks on an ad to track sales and other conversions resulting from an ad. Some common uses of cookies include: selecting ads based on what is relevant to the user, improving campaign performance reporting, and avoiding showing ads that the user has already seen.

Google Analytics cookie: Google Analytics is Google's analytics tool that helps website and app owners get a better understanding of their visitors' activities. The service may use cookies to collect information and report on website usage statistics without personally identifying visitors to Google. The main cookie used by Google Analytics is the "__ga" cookie. In addition to reporting on website usage statistics, Google Analytics, together with some of the advertising cookies described above, may also be used to show more relevant ads in Google products (such as Google Search) and across the web.

Remarketing cookies: May be displayed to previous visitors or users when they browse other websites on the Google Display Network or search for terms related to your products or services.

Session cookies: These cookies store the visitor's location, browser language, payment currency, and their lifespan is until the browser is closed or a maximum of 2 hours.

Mobile version, design cookie: Detects the device the visitor is using and switches to full view on mobile. Lifespan 365 days.

Cookie acceptance cookie: When you arrive at the site, you accept the statement about storing cookies in the warning window. Its lifespan is 365 days.

Facebook pixel (Facebook cookie) The Facebook pixel is a code that is used to report on conversions on the website, create target audiences, and provide the website owner with detailed analysis data about the use of the website by visitors. With the help of the Facebook pixel, you can display personalized offers and advertisements to website visitors on the Facebook interface. You can read Facebook's data management policy here: https://www.facebook.com/privacy/explanation

If you do not accept the use of cookies, certain features will not be available to you. For more information on deleting cookies, please see the links below:

Data related to online ordering

Name, shipping address, email, phone. Optionally, billing address, tax number.

Data related to online administration

Name, shipping address, email, phone. Optionally, billing address, tax number.

Newsletter related data

Data processing activities related to sending newsletters

Name of the company operating the newsletter sending system: -

Registered office of the company operating the newsletter sending system: -

Telephone number of the company operating the newsletter sending system: -

Email address of the company operating the newsletter sending system: -

The Data Processor participates in the sending of newsletters based on a contract concluded with the Data Controller. In doing so, the Data Processor processes the name and e-mail address of the data subject to the extent necessary for sending the newsletter.

Newsletters can only be subscribed to on a voluntary basis, which can be done automatically by entering the applicant's email address on the website or by indicating your intention to subscribe in an email.

You can unsubscribe at the bottom of the newsletters on the dedicated interface or by sending an email.

Purpose, method and legal basis of data processing

General data processing guidelines

The data processing activities of the Data Controller are based on voluntary consent or legal authorization. In the case of data processing based on voluntary consent, the data subjects may withdraw their consent at any stage of data processing.

In certain cases, the processing, storage and transmission of a range of provided data is mandatory by law, of which we separately notify our customers.

We draw the attention of those who provide data to the Data Controller that if they do not provide their own personal data, the data provider is obliged to obtain the consent of the data subject.

Its data management principles are in line with the applicable data protection laws, in particular the following:

Act CXII of 2011 - on the right to informational self-determination and freedom of information (Infotv.);
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 – on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR);
Act V of 2013 – on the Civil Code (Civil Code);
Act C of 2000 – on accounting (Accounting Act);
Act LIII of 2017 – on the prevention and suppression of money laundering and terrorist financing (Pmt.);
Act CCXXXVII of 2013 – on credit institutions and financial enterprises (Hpt.).

Physical storage locations of data

Your personal data (i.e. data that can be linked to your person) may be processed by us in the following way: on the one hand, in connection with maintaining an internet connection, technical data related to the computer you use, browser program, internet address, and the pages you visit are automatically generated in our computer system, on the other hand, you may also provide your name, contact information or other data if you wish to contact us personally while using the website.

Data technically recorded during the operation of the system: data of the data subject's computer that is generated during voting and that is recorded by the WIX system as an automatic result of technical processes. The automatically recorded data is automatically logged by the system upon entry or exit without any separate declaration or action by the data subject. This data cannot be linked to other personal user data - except in cases required by law. Only WIX has access to the data.

Data transfer, data processing, circle of people who have access to the data

When using the services of GreenStar International Ltd., the Data Controller uses the following data processors:

Accounting: Tímea Horváth-Krivanek

The data processor's registered office is: 9173 Győrladamér, Wilhelm Baumeister Street 13.

Data processor's telephone number: 06205172191

The data processor's email address: horvath.krivanektimea.konyveles@gmail.com

Logistics partner: XXL Courier Ltd.

The data processor's registered office is: 1041 Budapest, Szigeti József utca 25. 9th floor 53rd floor.

Data processor's telephone number: 06202677606

The data processor's e-mail address: info@xxlfutar.hu

The Data Processor cooperates in the registration of orders based on a contract concluded with the Data Controller. In doing so, the Data Processor processes the name, address, telephone number, number and date of orders of the data subject within the civil law limitation period.

Data subject's rights and remedies

Within the period of data processing, you have the following rights in accordance with the provisions of the Regulation:

the right to withdraw consent
access to personal data and information about data processing
right to rectification
restriction of data processing,
right to erasure
right to protest
right to portability.

If you wish to exercise your rights, this will involve your identification, and the Data Controller will necessarily need to communicate with you. Therefore, for the purpose of identification, it will be necessary to provide personal data (but identification may only be based on data that the Data Controller already processes about you), and your complaint regarding data processing will be available in the Data Controller's email account within the period specified in this information regarding complaints. If you were our customer and would like to identify yourself for the purpose of complaint management or warranty administration, please also provide your order ID for identification. Using this, we can also identify you as a customer.

The Data Controller will respond to complaints related to data processing within 30 days at the latest.

Right to information

The Data Controller shall take appropriate measures to provide data subjects with all information referred to in Articles 13 and 14 of the GDPR concerning the processing of personal data and with all information pursuant to Articles 15 to 22 and 34 in a concise, transparent, intelligible and easily accessible form, in clear and plain language.

The data subject's right of access

You have the right to receive feedback from the Data Controller as to whether your personal data is being processed and, if processing is in progress, you have the right to:

obtain access to the personal data processed and
The Data Controller shall inform you of the following information:
the purposes of data processing;
the categories of personal data processed about you;
information about the recipients or categories of recipients to whom the personal data have been or will be disclosed by the Data Controller;
the planned period for which the personal data will be stored or, if this is not possible, the criteria for determining this period;
your right to request from the Data Controller the rectification, erasure or restriction of processing of personal data concerning you, and to object to the processing of such personal data where processing is based on legitimate interest;
the right to lodge a complaint with the supervisory authority;
if the data was not collected from you, all available information about its source;
the fact of automated decision-making (if such a procedure is used), including profiling, and at least in these cases, understandable information about the logic involved and the significance and likely consequences of such processing for you.

The purpose of exercising the right may be to establish and verify the lawfulness of data processing, therefore, in the event of multiple requests for information, the Data Controller may charge a fair fee in exchange for providing the information.

The Data Controller provides access to personal data by sending you the processed personal data and information by email after you have been identified. If you have registered, we provide access by logging into your user account to view and check the personal data processed about you.

Please indicate in your request whether you are requesting access to personal data or information related to data processing.

Right to rectification

You have the right to request that the Data Controller correct inaccurate personal data concerning you without delay.

Right to erasure

The data subject has the right to request that the Data Controller erase personal data concerning him or her without undue delay where one of the following reasons applies:

personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
the data subject withdraws his/her consent which forms the basis for the data processing and there is no other legal basis for the data processing;
the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
the personal data has been processed unlawfully;
the personal data must be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject;
the personal data were collected in connection with the provision of information society services.

The erasure of data cannot be initiated if the processing is necessary: for the exercise of the right to freedom of expression and information; for compliance with an obligation under Union or Member State law to which the controller is subject to the processing of personal data, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for public health purposes, or for archiving, scientific and historical research purposes or statistical purposes, based on public interest; or for the establishment, exercise or defence of legal claims.

Right to restriction of data processing

At the request of the data subject, the Data Controller will restrict data processing if one of the following conditions is met:

the data subject disputes the accuracy of the personal data, in which case the restriction shall apply for that period
applies, which allows you to verify the accuracy of your personal data;
the processing is unlawful and the data subject opposes the erasure of the data and instead requests the restriction of their use;
the controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or
the data subject has objected to the processing; in this case, the restriction shall apply for the period until it is determined whether the legitimate grounds of the data controller override those of the data subject.

If processing is subject to restrictions, personal data may only be processed, with the exception of storage, with the consent of the data subject, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for important public interest reasons of the Union or of a Member State.

Right to data portability

If the data processing is carried out in an automated manner or if the data processing is based on your voluntary consent, you have the right to request the Data Controller to receive the data you have provided to the Data Controller, which the Data Controller will make available to you in xml, JSON, or csv format, and if this is technically feasible, you may request that the Data Controller transmit the data in this form to another data controller.

Right to object

The data subject shall have the right, on grounds relating to his or her particular situation, to object at any time to processing of personal data concerning him or her for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. In the event of an objection, the controller shall no longer process the personal data unless there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

Automated decision-making in individual cases, including profiling

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

Right of withdrawal

The data subject has the right to withdraw their consent at any time.

Right to go to court

In the event of a violation of their rights, the data subject may take legal action against the data controller. The court will proceed with the case without delay.

Data protection authority procedure

You can file a complaint with the National Data Protection and Freedom of Information Authority:

Name: National Data Protection and Freedom of Information Authority
Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C. Mailing address: 1530 Budapest, P.O. Box: 5.
Phone: 0613911400
Fax: 0613911410
E-mail: ugyfelszolgalat@naih.hu Website: http://www.naih.hu

Other provisions

We will provide information about data processing not listed in this information when the data is collected.

We inform our clients that the court, the prosecutor, the investigating authority, the misdemeanor authority, the administrative authority, the National Data Protection and Freedom of Information Authority, the Hungarian National Bank, or other bodies authorized by law may contact the data controller to provide information, communicate or transfer data, or make documents available.

The Data Controller will only provide personal data to the authorities - if the authority has specified the exact purpose and scope of the data - to the extent and insofar as this is absolutely necessary to achieve the purpose of the request.

This document contains all relevant data management information regarding the operation of the webshop, in accordance with the General Data Protection Regulation of the European Union 2016/679 (hereinafter: Regulation. GDPR) and Act CXII of 2011 (hereinafter: Infotv.).

GDPR