Data management and data protection policy of International Fit Kid Division Llc.
- The purpose of the Policy
The purpose of the Policy is the documentation of the data management and data protection practices exercised by International Fit Kid Division Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság (International Fit Kid Division Kft. in short), Registered seat: 5008 Szolnok Radnóti Miklós utca 39. Registration umber: Cg. 16-09-013857 hereinafter referred to as ‘Provider’.
During the creation of the Policy the Provider was taking particularly into account the user’s consent, the Infotv. § 5 (1) and 2001 CVIII on certain aspects of electronic commerce services and services related to information society services.
Te Act CXIX of 1995 on the Handling of Names and Addresses for Purposes of Research and Direct Marketing
The VI of 1998 Law on the Protection of Individuals in regards of Automatic Processing of Personal Data, Strasbourg,
On the promulgation of the Convention of 28 January 1981, the XLVIII of 2008 Act on the Basic Conditions and Certain Restrictions of Commercial Advertising, and the recommendations of the “ONLINE PRIVACY ALLIANCE”.
The purpose of these Regulations is to ensure that in all areas of services provided by the Provider, all individuals regardless of nationality or place of residence are ensured that their rights and fundamental freedom, particularly the right to privacy, are respected in the processing of Personal data (data protection).
- Definitions of concept
Question / user : identified or under any other personal data specified – identifiable natural person – either directly or indirectly;
Personal data : associated with the data subject of data – especially the names involved, identification and characteristics of one or more of physical, physiological, mental, economic, cultural or social identity of knowledge – and can be deducted from the data, conclusions concerning him;
Data set: the totality of the data managed in one register;
Data management : Regardless of the method used in any operation or set of operations performed on data totality, in particular the collection, recording, organization, storage, alteration, use, availability, transmission, disclosure, alignment or combination, blocking, erasure or destruction, and preventing, photo, or sound or video recording, preparing and recording the identity of the physical attributes (such as fingerprints and palm prints, DNA samples and iris image.) further use;
controller: International Fit Kid Division Llc
Data processing : technical tasks related to data processing operations, methods or means, and the site of application, provided that the technical tasks performed on the data used to perform operations independently;
Data destruction: complete physical destruction of the data carrier;
Data transmission: Making specific third parties to access the data;
Data processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Data erasure: making data unrecognizable in such a way that it is not possible to be recovered;
Automated data file: a series of data to be processed automatically;
Machine processing: includes the following operations when carried out partly or fully by automated means: storage of data, logical or arithmetic operations on the data, alteration, erasure, retrieval and distribution of the data;
User: the natural person who registers on the Company’s website (fitkid.eu);
Disclosure: making Personal Data available to anyone;
III. The scope of personal data to manage
- Based on the User’s decision, they can provide the following data: e-mail address, phone number, name, place of residence, date and place of birth, the Product Category they chose at the time of purchase, the applied payment method and venue of transaction chose by the User, the subtotal of the amount at purchase.
- List of technical data regarding the operation of the system: The data of the User’s computer which are generated during the usage of the Service, and which are saved automatically as a result set during the technical operation of the Data management system. The data saved automatically shall be saved without the User’s declarative statement or action at Signin and Signout. This data shall not be attached or connected to personal or other User-specific data – with the exception of legal actions or mandatory handover declared by legal entities. The data shall be exclusively accessible for the Data manager.
- The Provider shall place small data packages (called ‘cookies’) on the User’s computer for the purpose of enhancing the supply of User-specific and User-specified, customized data.
- The purpose of the cookies is for the Service to provide the highest quality service possible towards the User in order to maximize User experience. The can be deleted by the User from their computer and is able to set their computer to disable service access for cookies. By disabling cookies the User knows that without cookies the operation of the website is lacking completely customized user experience.
- The legal foundation, purpose and method of data management
- Data management of fitkid.eu is based on the Users’ personal voluntary consent based on the proper and suitably provided information which specifically contains the User’s consent that the information they provide whilst using the Service shall be used according to the specified way and method.
Az Adatkezelés jogalapja az információs önrendelkezési jogról és az információszabadságról szóló 2011. évi CXII. törvény 5.§ (1) bek. a) pontja szerint az érintett önkéntes hozzájárulása.
- The purpose of data management is to insure the correct way of supply of the available data under the URL of fitkid.eu. The mandatory data the User needs to provide in order to use these services are listed under section III: The scope of personal data.3. The purpose of automatically stored data (see point 3.2) is to insure the proper supply of services provided on the web applications by the Provider, to display personally customized content and advertising, creating statistics, developing the application and technical background, to protect the rights of the Users. The data provided by the users during the usage of the web application shall be used by the Data manager to create User groups and provide targeted content and/or display customized advertising.
- The Data manager shall not use User data differing from the specified methodologies listed under these points. Personal User data shall only and exclusively be provided towards third parties and legal operations with the specific Consent given by the user prior to the transfer of data – if not specified otherwise by legal authorities.
- The Data manager shall not exercise authority and check on the User data provided to them. The accuracy of the data shall exclusively be monitored by the User supplying the data as well as the responsibility over the given data. Any given User supplying their email address also takes the responsibility that it’s exclusively the User using the Service provided by the Provider. By taking this responsibility the User acknowledges that any user interaction and data transfer regarding that email address falls under the User’s responsibility and accountability.
- The principles of data management
- Personal data shall only be attained and processed in a lawful and legal manner.
- Personal data shall only be used and stored for lawful and legal purpose and must not be used otherwise.
- The storage of data must be in correlation with their purpose and must not be utilized for other purposes.
- The method of storing personal data shall only be used for identifying the User and serving the purpose of why the data is stored.
- Mandatory security actions must be taken to secure and prevent unlawful destruction, accidental loss, unlawful access by third parties, change or alteration and unlawful spread of User data.
- Data security policies exercise by the Provider
- The User data which is necessary for the operation of the Provider are handled based on the Consent of the User and are exclusively utilized for the purpose of the data.
- In certain situations such as legal actions of law, police inquiries and requests of handover, legal prosecutions, matters related to copyright, fiscal or other type of infringement or the thorough suspicion of them user-specific data must be handed over to relevant authorities.
- The system of the Provider can collect data of the activity and interactions of Users which shall not be connected to User-specific data provided at registration nor with data related to user interaction on other websites or web applications.
- The Provider is committed to inform the User with a straightforward and attention-drawing statement detailing the method of the registration and collection, purpose of usage and principles regarding collection of the data before collecting the from the User. Furthermore, the Provider declares the voluntary nature of providing the data in any case when the collection of certain data is not legally stated and admissioned in government-provided documentaries. Regarding mandatory data provision the relevant law or legal document must be provided. The User must be informed of the purpose of the collection of data as well as the entities that are to manage, handle and process the data. The information of the relevant law regarding the collection of data is also considered as applied if the relevant law has stated the manner of transfer, collection and registration of data.
- In every case when the Provider would like to use the provided data for other purposes altering from the original purpose of collecting the data, the Provider informs the User and acquires the Consent by the user specifically giving the right of the usage of the data and provides an option to deny the usage of the data.
- The Provider as the Data manager complies to every law and legal restriction regarding the registration, collection and utilization of data and informs the Users about every action regarding the data through email according to the Users’ needs. The Provider complies to not displaying any discrimination or drawback regarding the service towards Users that deny the provision of volunatiry provideable data.
- The Provider is complying to keeping User-specific data secure and taking the necessary technical and operational actions and making necessary developments in order to keep the registered, collected, stored and managed Personal data secured and makes sure the prevention of destroying, losing or unlawful usage or modification of them. The Provider also complies to inform third parties about the applicable data policy regarding the data handed over and also the rights and obligations regarding the data.
- If the data is not real or does not seem to cover reality and the crooked data is in the possession of the Data manager, the Data manager shall correct the data.
- The Provider as Data manager shall delete the data if:
i. the management of the data is against the law;
ii. the User asks for the deletion of their personal data;
iii. the personal data is insufficient or false and the nature of possessing the data would draw legal actions or consequences;
iv. the purpose of managing and storing the data ceased to exist or the the legal timeframe regarding storage of the data has become overdue;
v. deletion of the data is ordered by the government of law.
11. Instead of deleting, the Data manager will block the Personal data if the User requests so or if the potential harm for the User seems to hold legitimate interest based on the basis of the information available to them. Personal data blocked this way may only be processed for as long as the purpose of data processing that precluded the deletion of Personal Data exists.
- The rectification, blocking, marking and deletion must be noted and displayed to the User, as well as to all those to whom the Personal data has previously been transferred for the purpose of Data Management. The Data manager may waive the notification if it does not infringe the legitimate interests of the User regarding the purpose of the Data Management.
13. If the Provider as the Data manager does not comply with the request for rectification, blocking or deletion, it shall inform the User in writing within 30 days of the request about the factual and legal reason for rejecting the request for rectification, blocking or deletion. Regarding such rejection the User can turn to the court or the National Data Protection and Freedom of Information Authority.
VII. The timeframe of Data Management
- The management of the Personal data provided by the User will continue until the User unsubscribes from the service with their given username. The date of cancellation is 10 working days from the receipt of the User’s cancellation (cancellation request). In case of illegal or deceptive use of Personal data or in case of a crime or attack on the system committed by the User, the Data manager is entitled to delete their data immediately at the same time the User’s registration is terminated.
- The Personal data provided by the User – even if the User does not unsubscribe from the service – may be processed by the Provider as the Data manager until the User explicitly requests the termination of their processing in writing. The User’s request to terminate Data Management without unsubscribing from the service does not affect his right to use the service, however, in the absence of Personal data, they may not be able to use certain services (eg. auction, ranking). Personal data will be deleted within 10 working days of receiving the request.
3.The data that is automatically and technically recorded during the operation of the system and will be stored in the system for a period of time justified from the moment of their generation in order to ensure the operation of the system. The Provider ensures that this automatically recorded data cannot be linked to other Users Personal data, except in cases required by law. If the User has terminated their Consent to the processing of their Personal data or has unsubscribed from the service, their identity will not be identifiable by any technical data.
VIII. Provisions of personal data
- A change in Personal data or a request for the deletion of Personal data may be communicated in a written statement sent in an email to the internal mailing system of the service. You can stop sending newsletters by changing the user interface settings on the page.
2. Some Personal data may also be modified by modifying the personal profile page.
3. Once the request to delete or modify Personal data has been fulfilled, the previous (deleted) data can no longer be recovered.
- Data processing
The Provider does not use any separate external Data processors, it processes the Personal data by itself.
- The possibility of data transfer
- The Provider as the Data manager is entitled and obliged to transfer all Personal data to the competent authorities if required so by law or a final official obligation. The manager shall not be held liable for such transfers and the consequences of them.
- If the Provider transfers the operation, maintenance or utilization of the service on the fitkid.eu site to a third party partly or as a whole, it may transfer the Personal data managed by it to such third party for further processing without requesting a special Consent. This data transfer may only serve the continuity of the ongoing registered status of already registered Users, however, it may not place the User at a disadvantage in connection with the Data Management and data security rules specified in the text of these Data Management regulations in force under any circumstances or at any time.
- In order to check the legality of the Data transfer and to inform the User, the Provider keeps a data transfer register which contains the date of transfer of the Personal data, the legal basis and recipient of the Data transfer, the definition of the Personal data and other data specified in the Data Management legislation.
- Users’ rights regarding their Personal data managed by the Data manager
- Users may request information about the management of their Personal data from the Provider as the Data manager at any time in writing through the Data manager’s postal address (Hungary 5008 Szolnok Radnóti Miklós utca 39) or by e-mail to firstname.lastname@example.org. A request for information sent by e-mail is considered authenticated by the Data manager only if it is sent from the User’s registered e-mail address.
- The request for information may cover the User’s data managed by the Data manager, their source, the purpose, legal basis, duration of theData Management, the names and addresses of any Data processors, activities related to the Data Management and the purpose of usage of the User data.
3. The Data manager is obliged to provide written information answering the question related to the Data Management as soon as possible, but not later than 30 days after the request was submitted. In case of e-mail, the date of receipt shall be the first working day following dispatch.
4. Regarding the correction of the processed Personal data, the blockage or deletion must be notified towards the User as well as all those to whom the data has previously been transferred for the purpose of Data Management. The notification may be omitted if it does not infringe the legitimate interest of the User regarding the purpose of the Data Management.
- The User may object to the Data Management of their Personal data if
- the processing or transmission of the Personal data is necessary only for the fulfillment of a legal obligation to the Data manager or to reinforce the legitimate interest of the Data manager, the recipient of the Personal data or a third party;
- the Personal data is used or transferred for the purpose of direct business acquisition, public opinion research or scientific research, as well as
- other cases specified by law.
The Provider, as the Data manager shall examine the complaint as soon as possible after its submission, but not later than 15 days after the submission, make a decision based on its merits and inform the User of its decision in writing.
If the Provider determines that the User’s complaint is justified, it will terminate the Data Management, including further Data collection and Data transfer and erase the Personal data, as well as notify all persons to whom the protested Personal data has previously been transmitted and who are obliged to take action to enforce the right to protest.
If the User does not agree with the decision of the Data manager or if the Data manager fails to comply with the deadline referred to in this section, they may apply to a court within 30 days from the notification of the decision or the last day of the deadline.
XII. The modification of the Data Management Policy
XIII. Law enforcement options
The User can enforce their possibilities in accordance with the Information Act and Act V of 2013. (Ptk.), And may also request the assistance of the National Data Protection and Freedom of Information Authority in any matter related to personal data (1125 Budapest Szilágyi Erzsébet fasor 22 / C; postal address: 1530 Budapest, Pf. 5.). In addition, the staff of the Data manager can be contacted at email@example.com with any questions or remarks related to Data Management.
Szolnok, 2020. június 4.