By continuing to use this site, you agree to the use of cookies. Find out more

GDPR policy of Palmai Succulent Garden Kft.

DATA PROTECTION AND PRIVACY POLICY DATA MANAGEMENT INFORMATION on the processing of personal data by Palmai Succulent Garden Kft. on the website www.palmaisucculentgarden.com

EFFECTIVE: From 03.09.2021 until revoked.

1. Data Controller Information

  • Company: Palmai Succulent Garden Kft.
  • Registered office: 1154 Budapest, Pöltenberg Ernő utca 147.
  • Tax number: 26735599242
  • Company registration number: 01 09 341957
  • Phone: 06304451255
  • Email: palmaisucculentgarden@gmail.com

2. Purpose of the Data Management Information

The data controller acknowledges the content of this legal notice as binding. The purpose of this Data Management Information is to inform partners and customers about the processing of their personal data. The data controller processes personal data strictly in accordance with applicable laws, adhering to the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, and limited storage.

The data controller takes all technical and organizational measures to ensure that personal data is processed securely, as required by Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).

3. Scope of the Data Management Information

  • Personal scope: Applies to the data controller and all natural persons whose data is processed under this Information, as well as those whose rights or legitimate interests are affected by the processing.
  • Material scope: Covers all data processing activities on the www.palmaisucculentgarden.com website.
  • Temporal scope: Effective from the date of approval, valid indefinitely until further notice.

4. Key Definitions

  • Personal data: Any information relating to an identified or identifiable natural person.
  • Special data: Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning a person’s sex life or sexual orientation.
  • Data processing: Any operation performed on personal data, whether or not by automated means.
  • Data controller: The person or entity that determines the purposes and means of processing personal data.
  • Data processor: The person or entity that processes personal data on behalf of the controller.
  • Joint controllers: Where two or more controllers jointly determine the purposes and means of processing.
  • Third party: Any person or entity other than the data subject, controller, processor, or persons authorized to process data under the direct authority of the controller or processor.
  • Consent of the data subject: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of personal data.
  • Data protection incident: A breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.

5. Lawful Data Processing at the Controller

Personal data is processed only in the following cases:

  1. The data subject has given consent for one or more specific purposes.
  2. Processing is necessary for the performance of a contract to which the data subject is party.
  3. Processing is necessary for compliance with a legal obligation.
  4. Processing is necessary to protect the vital interests of the data subject or another person.
  5. Processing is necessary for the legitimate interests of the controller or a third party.

The controller examines the lawfulness of processing at every stage and only processes data for which it can justify the purpose and legal basis. If the legal basis ceases, processing may only continue if another legal basis can be justified.

6. Data Processors and Joint Controllers

The controller only engages processors that provide adequate guarantees of compliance with GDPR and the protection of data subjects’ rights. Processors act only on the controller’s instructions and are bound by confidentiality.

  • Accounting company: Boldog Számok SBG Kft, 1111 Budapest, Bartók Béla út 40. 1. em. 7.
  • Courier services: No contracted courier; shipments are sent individually via Magyar Posta or UPS.
  • Web hosting and email providers: Also considered data processors.

7. Data Processing Related to Contracts on the Website

For product sales via the website or social media, the controller collects the buyer’s name, address, email, and phone number. The legal basis is the performance of the contract. For legal entities, the contact person’s data is processed based on consent. Invoices are issued as required by law and stored for 5 years.

8. Processing of Invoice Data

Invoices contain the buyer’s name, address, and possibly tax number. The legal basis is compliance with legal obligations. Data is stored for 5 years as required by law.

9. Children’s Data and Special Categories

No one under 16 may subscribe to newsletters, contact the controller, make purchases, or register on the website. Consent from a legal representative is required for those under 16, as per GDPR Article 8(1). The controller cannot verify age or authority; the data subject guarantees the truthfulness of their data.

10. Retention of Email Addresses and Phone Numbers

Personal data such as email addresses and phone numbers are processed primarily for contractual obligations. If the contract ends and there is no legal retention requirement, data is deleted. In some cases, explicit written consent is requested for continued retention.

11. Photos and Videos

The controller does not take photos of customers, only products. If a customer’s image appears, it is used only with written consent for promotional purposes. Consent can be withdrawn at any time.

12. Website Operation

The website uses cookies, with the legal basis being the visitor’s consent. Cookies collect information about visitors and devices, remember preferences, and facilitate website use. Visitors can manage cookies in their browser settings.

13. Newsletter Subscription

Visitors can subscribe to newsletters by giving explicit written consent. Data is processed for marketing purposes until consent is withdrawn.

14. Social Media

The controller operates an Instagram page for marketing. Data obtained via Instagram is used only to respond to inquiries and not for further marketing. Following or interacting with the page is considered consent.

15. Cloud Applications

Cloud services are used for document storage and backup. Providers are considered data processors and must ensure confidentiality and security.

16. Complaint Handling

Personal data is processed for complaint management as required by law. Data is stored for 5 years.

17. Data Security

The controller ensures data security through technical and organizational measures, including physical and IT protection. Only authorized persons have access to data.

18. Data Subject Rights

  • Transparent information
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object

Requests can be sent to palmaisucculentgarden@gmail.com. The controller responds within 30 days.

19. Data Protection Incidents

A data protection incident is any breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data. Incidents are reported to the Hungarian Data Protection Authority within 72 hours if they pose a risk to rights and freedoms.

20. Relevant Legislation

  • Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information
  • Regulation (EU) 2016/679 (GDPR)
  • Act V of 2013 on the Civil Code

21. Right to Judicial Remedy

Data subjects may turn to the courts if their rights are violated. The court acts without delay.

22. Data Protection Authority Procedure

Complaints can be submitted to the Hungarian National Authority for Data Protection and Freedom of Information (NAIH):

23. Other Provisions

For data processing not listed here, information is provided at the time of data collection. The controller only discloses personal data to authorities as required by law and only to the extent necessary.

This is a faithful English translation and summary of the Hungarian data protection policy provided by Palmai Succulent Garden Kft.1