Privacy policy

 

Eat Fels Kft (hereinafter: Data Controller) hereby publishes information regarding the data processing activities carried out by it as a Data Controller. This information applies to the services provided by the Data Controller, as well as to data processing activities carried out within the services provided on the website operated by the Data Controller (www.eatfels.com, hereinafter: Website).

Users visiting the Website (hereinafter: Users) accept all the terms set forth in this Privacy Policy (hereinafter: Policy), therefore, we kindly ask you to carefully read through this Policy before using the Website.

1. Data Controller's Details 

The data controller is Eat Fels Kft 

Registered Office: 1123 Budapest, Csörsz utca 5. 4 em. 2. ajtó

Email address: info@eatfels.com 

Phone: +36 30 749 4658

2. Information on Individual Data Processing Activities 

Ordering 

Scope of processed data: 

On the Website, Users have the option to provide their data in order to establish contact with the Data Controller, receive information about the Data Controller's products and services, and receive assistance regarding orders. The following personal data can be provided during the contact (data marked with * are mandatory): 

full name*; 

email address*; 

address*; 

message*; 

mobile phone number. 

Purpose of data processing: Providing information about the Data Controller's products, services, and activities, establishing and maintaining contact with Users interested in the Data Controller's products and services, informing Users, managing feedback related to the Data Controller's activities. 

Duration of data processing: The Data Controller processes personal data from the completion and closure of bilateral communication between the Data Controller and the User until the User requests the deletion of their data or withdraws their consent to the processing of personal data. 

Legal basis for data processing: User's consent pursuant to Article 6(1)(a) of the GDPR.

3. Scope of Authorized Persons to Access Personal Data, Data Processing 

Authorized persons to access personal data are the Data Controller and processors engaged by the Data Controller in accordance with applicable laws. 

The following data processors, acting on behalf of the Data Controller, carry out data processing: 

MailChimp 

Address: The Rocket Science Group, LLC 675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 USA 

Purpose of data processing: email campaigns and online marketing advertisements 

Facebook 

Address: 1 Hacker Way #15, Menlo Park (HQ), CA, USA 

Purpose of data processing: online marketing advertisements 

Google 

Address: 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA

Purpose of data processing: online marketing advertisements, website visit analysis 

Rackhost Ltd. 

Address: 6722 Szeged, Tisza Lajos körút 41. 

Purpose of data processing: storage necessary for the operation of the online store 

The Data Controller reserves the right to involve additional data processors in the data processing in the future, about which Users will be informed by modifying this Policy. 

In the absence of explicit legal provisions, the Data Controller only transfers personally identifiable information to third parties with the explicit consent of the respective User.

4. User Rights

Access to Personal Data

At the User's request, the Data Controller provides information on whether the Data Controller processes personal data concerning the User and, if so, grants access to the personal data and informs the User about the following information:

  • the purpose(s) of data processing;
  • the types of personal data involved in the processing;
  • the legal basis for transmitting personal data and the recipients in case of data transmission;
  • the planned duration of data processing;
  • the User's rights related to the correction, erasure, and restriction of personal data, as well as objections to the processing of personal data;
  • the right to lodge a complaint with the Authority;
  • the source of the data;
  • essential information about profiling;
  • the name and address of data processors and their activities related to data processing.

The Data Controller provides a copy of the personal data subject to processing to the User free of charge. For additional copies requested by the User, the Data Controller may charge a reasonable fee based on administrative costs. If the User has submitted the request electronically, the information must be provided in a widely used electronic format, unless otherwise requested by the individual concerned. 

The Data Controller is obligated to provide the information to the User, who submitted the request for access, in an understandable form without undue delay, but no later than within one month from the receipt of the request. The User may submit the access request through the contact details specified in point 1.


Correction of Processed Data

The User may request the correction of inaccurate personal data or the completion of incomplete data with regard to the purpose of data processing from the Data Controller (contact details specified in point 1). The Data Controller performs the correction without undue delay.


Deletion of Processed Data (Right to be Forgotten), and Locking

The User may request the Data Controller to delete personal data concerning the User without undue delay, and the Data Controller is obliged to delete the personal data without undue delay if one of the following reasons applies:

  1. the personal data is no longer needed for the purposes for which it was collected or otherwise processed;
  2. the User withdraws consent, and there is no other legal basis for the data processing;
  3. the User objects to the processing of their personal data;
  4. the processing of personal data is unlawful;
  5. the personal data must be deleted to fulfill an obligation under EU or national law applicable to the Data Controller;
  6. the collection of personal data is based on the provision of information society services to children.

If the Data Controller has made the personal data public (made them available to third parties), and it is obliged to delete them in accordance with the above, taking into account available technology and the cost of implementation, the Data Controller must take reasonable steps and measures to inform data processors who process the personal data about the User's request for deletion of links to such personal data or copies thereof.

Personal data need not be deleted in cases where data processing is necessary:

  • for the exercise of the right to freedom of expression and information;
  • to fulfill an obligation under EU or national law applicable to the Data Controller, or to perform a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
  • for reasons of public interest in the field of public health;
  • for archival purposes in the public interest, for scientific or historical research purposes, or for statistical purposes, provided that the right to deletion would make data processing impossible or seriously impede it; or
  • for the establishment, exercise, or defense of legal claims.

Limitation of Data Processing

The User is entitled to request the Data Controller to restrict data processing instead of correcting or deleting personal data if one of the following applies:

  • the User disputes the accuracy of personal data, in which case the restriction applies for a period enabling the Data Controller to verify the accuracy of the personal data;
  • the processing is unlawful, and the User opposes the erasure of personal data and requests the restriction of their use instead;
  • the Data Controller no longer needs the personal data for the purposes of processing, but the User requires them for the establishment, exercise, or defense of legal claims; or
  • the User has objected to the processing; in this case, the restriction shall be for the period until it is determined whether the legitimate grounds of the Data Controller override those of the User.

If data processing is restricted, such personal data may, except for storage, only be processed with the User's consent, or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of significant public interest of the Union or of a Member State.

The Data Controller shall inform the User whose data processing has been restricted in advance of the lifting of the restriction on data processing.

Notification Obligation Regarding the Correction or Deletion of Personal Data, and the Restriction of Data Processing

The Data Controller shall inform all recipients to whom the personal data have been disclosed of any rectification, erasure, or restriction of data processing, unless this proves impossible or involves disproportionate effort. Upon request, the Data Controller informs the User of these recipients.

Right to Data Portability

The User has the right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, widely used, and machine-readable format, and have the right to transmit those data to another data controller. If requested by the User, the Data Controller will export the managed data in PDF and/or CSV format.

Right to Object

In cases where the processing of personal data is based 

  • on public interest or the exercise of public authority vested in the Data Controller, 
  • the User may object to the processing of their personal data. 

The Data Controller is entitled to further process the personal data if they can prove that there are compelling legitimate reasons for the processing that override the interests, rights, and freedoms of the User, or if the processing is necessary for the assertion, exercise, or defense of legal claims.

If the processing of personal data is carried out for the purpose of direct marketing or related profiling, the User has the right to object to the processing of their personal data at any time. If the User objects to the processing of their personal data for direct marketing purposes, the personal data may no longer be processed for this purpose.

Data Controller's Measures in Connection with the User's Request

Without undue delay, but no later than within one month from the receipt of the request, the Data Controller informs the User about the actions taken in response to the request for access, correction, deletion, restriction, objection, and data portability, as well as any relevant information. If necessary, taking into account the complexity and number of requests, this deadline may be extended by two months. The Data Controller informs the User about the extension of the deadline, stating the reasons for the delay, within one month from the receipt of the request. If the User has submitted the request electronically, the information shall be provided electronically, if possible, unless the person concerned requests otherwise.

If the Data Controller does not take action based on the User's request, they shall inform the User without delay, but no later than within one month from the receipt of the request, about the reasons for not taking action and about the User's right to lodge a complaint with a supervisory authority and to seek judicial remedy. In the case of the User's request, the provision of information, the notification, and the measures taken based on the request shall be provided free of charge. 

If the User's request is clearly unfounded or, in particular due to its repetitive nature, excessive, the Data Controller may charge a reasonable fee or refuse to take action based on the request

Here is the English translation of the provided text:

5. Data Security

The Data Controller commits to ensuring the security of data, implementing the necessary technical and organizational measures, and establishing procedural rules that safeguard the collected, stored, and processed data. It also takes measures to prevent their destruction, unauthorized use, and unauthorized alteration. The Data Controller also undertakes to inform any third parties to whom it transmits or provides data based on Users' consent about complying with data security requirements.

The Data Controller ensures that unauthorized individuals cannot access, disclose, transmit, modify, or delete the processed data. The processed data can only be accessed by the Data Controller, its employees, and the Data Processor it engages. The data will not be disclosed to any third parties who are not authorized to access the data.

The Data Controller makes every effort to prevent accidental damage or destruction of the data. This commitment is imposed on the employees participating in data processing activities.

The User acknowledges and accepts that, despite the Data Controller's use of state-of-the-art security measures to prevent unauthorized access or intrusion, the complete protection of personal data provided on the Website cannot be guaranteed on the Internet. In case of unauthorized access, data exposure, or other similar incidents despite our efforts, the Data Controller shall not be held responsible for such data breaches or any resulting damages. Additionally, the User can provide their personal data to third parties who may misuse it for illegal purposes or in an unlawful manner.

Under no circumstances does the Data Controller collect special categories of data, which include data related to racial or ethnic origin, political opinions, membership in trade unions, religious or philosophical beliefs, health, sexual orientation, criminal convictions, and offenses.

6. Management and Reporting of Data Protection Incidents

Any event that involves the unlawful processing or handling of personal data, including unauthorized or accidental access, alteration, disclosure, deletion, loss, or destruction, as well as accidental destruction or damage, constitutes a data protection incident.

The Data Controller must report the data protection incident to the National Authority for Data Protection and Freedom of Information (NAIH) without undue delay, but no later than 72 hours after becoming aware of the incident, unless the Data Controller can demonstrate that the incident is unlikely to result in a risk to the rights and freedoms of natural persons. If the report cannot be made within 72 hours, the reason for the delay must be indicated, and the required information can be provided without undue delay. The report to NAIH must include at least the following information:

  • The nature of the data protection incident, the individuals affected, and the quantity and category of personal data involved.
  • Name and contact information of the Data Controller.
  • Probable consequences resulting from the data protection incident.
  • Measures taken or planned to handle, mitigate, or remedy the data protection incident.

The Data Controller must inform the individuals affected by the data protection incident within 72 hours of detecting the incident, through the Data Controller's website. The information must include at least the specified data.

The Data Controller maintains a record of data protection incidents for the purpose of monitoring related measures and informing affected individuals. The record contains:

  • Scope of personal data involved.
  • Number and category of individuals affected.
  • Date of the data protection incident.
  • Circumstances and effects of the incident.
  • Measures taken to address the incident.

The data in the record is retained by the Data Controller for five years from the date of detecting the data protection incident.

7. Remedies

The Data Controller ensures that the processing of personal data complies with the law. 

If a user believes that their data protection rights have been violated, they can contact the provided contact information. If their rights have been violated, they can seek remedies from competent authorities, 

  • including the National Authority for Data Protection and Freedom of Information (Nemzeti AdatvĂ©delmi Ă©s InformáciĂłszabadság HatĂłságnál (cĂ­m: 1055 Budapest, Falk Miksa utca 9-11.; ugyfelszolgalat@naih.hu; www.naih.hu)) 
  • or the court.

8. Miscellaneous

This Privacy Policy is governed by Hungarian law, particularly the Act CXII of 2011 on Informational Self-Determination and Freedom of Information, Act CVIII of 2001 on Electronic Commercial Services, the European Parliament and Council Regulation (EU) 2016/679, and other relevant regulations.

Date: Budapest, August 2, 2023

 

Data Processing Information - Cookies

1. Operator's Information

The operator of the website is Eat Fels Kft

Address: 1123, Budapest, Csörsz utca 5, 4. em. 2. ajtó

Email: info@eatfels.com

2. What is a Cookie?

Cookies are short data files placed by visited websites on the user's computer. Cookies aim to facilitate and make internet services more convenient. There are various types, generally categorized into temporary cookies (e.g., for secure identification during online banking) and persistent cookies (e.g., for language settings). Cookies, except those essential for the service, require user consent.

3. What are Cookies Used For?

Cookies allow websites to recognize the visitor's browser upon revisiting. They can store user settings (e.g., language choice) and other information. They collect information about visitors and devices, remember individual preferences, and aid various functions. Cookies generally enhance website usability, provide a better user experience, and allow monitoring and maintenance.

4. What Information Do We Collect?

If the user doesn't provide personal data, the Operator doesn't collect or process any personal data. By visiting and clicking "Accept," the user consents to external providers' use of cookies as described. These include the data generated during website use that's automatically recorded through cookies. This data, automatically recorded upon website entry and exit, isn't linked to individual users and isn't personally identifiable. This data can only be accessed by the external providers managing the cookies and the Operator.

The Operator uses Google Analytics for web analytics. Google Analytics cookies assist in measuring website visits and related data. The collected data is transmitted and stored by Google on external servers. Google uses this information mainly for tracking website visits and creating analyses. Google may also share this data with third parties as required by law.

The data processing by external providers follows their privacy policies, and the Operator assumes no responsibility.

Please note that the provided text contains legal and technical terms that may vary based on context and jurisdiction. For any specific legal concerns or actions, it's recommended to consult a legal professional.

5. How Do We Use This Information?

Data collected through the mentioned technologies is not primarily used for user identification. The Operator only associates this data with potentially identifiable information if the user explicitly consents to the use of identification-capable cookies. The following types of cookies are used:

Cookies Requiring Consent:

These cookies allow the Company to remember user choices related to the website. Users can reject this data processing before and during service usage. This data cannot be linked to user identification data without the user's consent and cannot be shared with third parties.

Cookies Supporting Usage:

The legal basis for data processing is user consent. The purpose of data processing is to enhance service efficiency, improve user experience, and make website usage more convenient. The data processing duration is 6 months.

Performance-Ensuring Cookies:

Google Analytics cookies - information can be found here:

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

Google AdWords cookies - information can be found here:

https://support.google.com/adwords/answer/2407785?hl=hu

Facebook cookies - information can be found here:

https://www.facebook.com/policies/cookies/

OptiMonk cookies - information can be found here:

https://www.optimonk.com/privacy_policy

Hotjar cookies - information can be found here:

https://docs.google.com/document/d/1Rp8kZg2JD2cVSiPK78UXBLCKSyJVb6HiPpME8k7iGIU/edit

The primary purpose of using such data is to ensure proper website operation. This involves tracking website visit data and identifying possible misuse related to website usage.

In addition to the above, the Operator may use this information to analyze usage trends, enhance and develop website features, and gather comprehensive traffic data related to website usage.

The Operator may use the acquired information to create and analyze statistics related to website usage, and share aggregated, non-identifiable statistical data (e.g., visitor count, most viewed topics or content) with third parties, anonymously.

6. Disabling Cookies:

If the user does not want the information mentioned above to be collected regarding their website usage, they can partially or fully disable the use of cookies in their internet browser settings or modify cookie message settings. 

You can find information about the most popular browser's cookie settings at the following links:

• Google Chrome: https://support.google.com/accounts/answer/61416?hl=hu

• Firefox: https://support.mozilla.org/hu/kb/sutik-engedelyezese-es-tiltasa-amit-weboldak-haszn

• Microsoft Internet Explorer 11: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-11

• Microsoft Internet Explorer 10: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-10-win-7

• Microsoft Internet Explorer 9: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-9

• Microsoft Internet Explorer 8: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-8

• Microsoft Edge: http://windows.microsoft.com/hu-hu/windows-10/edge-privacy-faq

• Safari: https://support.apple.com/hu-hu/HT201265

7. Cookies Placed by Third Parties:

The website may contain information, especially advertisements, originating from third parties or advertising providers not associated with the website. These third parties may place cookies, web beacons, or similar technologies on the user's computer to collect data for sending targeted advertising messages related to their own services. In such cases, data processing follows the privacy policies set by these third parties, and the Operator assumes no responsibility for such data processing.