PRIVACY NOTICE

in which we inform you, our customer and the visitor of our website, about the rules of data protection and data processing of our company.

1. What principles do we follow during the processing of your data?

Our company follows these principles regarding your personal data:
a) they are processed fairly, lawfully and transparently.
b) they are collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
c) data collected and processed by us are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’).
d) they are also accurate, up-to-date and if they are not, we delete or correct them with no delay (‘accuracy’).
e) they are kept in a form which permits your identification for no longer than is necessary for the purposes for which the personal data are processed. (‘storage limitation’)
f) they are processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Other regulations regarding your personal data:
a) they are processed, collected, recorded, organised, stored and used only with your consent, which is based on the information that have been provided to you previously, and only to an extent that is essential and connected to a specific purpose.
b) in certain cases, the processing of them is obligatory and based on how it is laid down by the law. In such cases you will be alerted.
c) there are also cases when our company or a third party has a rightful interest in processing them, e.g. the operation, development and securisation of our website.

2. Who are we?

Our company: LETICIA HERBA Termelő és Forgalmazó Kft. (1133 Budapest, Tutaj u. 6/A)
Our website: https://leticiaherba.hu/
You can connect with us here:
Our address: 1133 Budapest, Tutaj u. 6/A
Our branch: 2653 Bánk, Napsugár u. 12.
Our phone number: +36-1-801-2855
Our e-mail address:
Our tax number: 13403001-2-41
Our registration number: 01-09-733435

Based on article 37 of GDPR, our company is not obligated to appoint a data protection officer
During the processing of data, our company– with the aim of ensuring a high-quality service for our customers – works with the following data controllers

NAME

ADDRESS

ACTIVITY

Docca Outsource IT Kft.

1124 Budapest, Apor Vilmos tér 25-26.

storage service

Hajdú István

2040 Budaörs, Tátra u. 22.

accounting

Magyar Posta Zrt.

post service

If any alteration happens regarding our data controllers, we will record the changes in our current notice.

3. What types of data do we process?

Data processed by us:

Type of activity and the purpose of the data processing

Basis for the data processing

Processed data

Duration

Your visit of our website

Our purpose is to ensure the proper and high-quality operation of our website,

supervision and correction of the quality of our services,

the identification of malicious visitors of the website

to measure the number of visits,

for statistical purposes

The legitimate interest of our company

(GDPR Article 6(1)(f)

IP address

time of visit

data of visited subpages,

type of your browser and operating system

for 12 months

The asking and giving of bids

the purpose of the processing of data is the management of the activities in connection with offers

  • the preparation of a contract (in case of a natural person)

(GDPR Article 6(1)(b)

  • the legitimate interest of our company (in case of a natural person being the representative of our partner or customer)

(GDPR Article 6(1)(f)

full name

e-mail address

phone number

postal address

other personal message

for 1 year, or in case of a contract, 5 years

The processing of data of a partner with contract (in case of a natural person)

the purpose of the data processing is the preparation and performance of our contracts, the performance of the legal obligations in connection with the contract, being able to stay in touch with the customer during this period, in order to maintain a smooth process of business

  • the preparation and the performance of a contract

(GDPR Article 6(1)(b)

and

  • the performance of a legal obligation (according to accounting and tax legislation)

(GDPR Article 6(1)(c)

name

phone number, e-mail address

and

other data that are required for the preparation and performance of the contract

for 5 years after the expiration of the contract

or

according to the accounting and tax legislation, 8 years

Processing of data of the representatives of our partner with contract

the purpose of the data processing is the preparation and performance of our contracts, the performance of the legal obligations in connection with the contract, being able to stay in touch with the customer during this period, in order to maintain a smooth process of business

the legitimate interest of our partner with contract and our customer

(GDPR Article 6(1)(f)

(according to the LIA (legitimate interests assessment))

name

phone number, e-mail address

and

other data that are required for the preparation and performance of the contract

for 5 years after the expiration of the contract,

or

for 5 years after the ending of the representation

Processing of the data of the job applications that are sent to our company

the purpose is the filling of the opening positions at our company, the processing of the data of the applicants, the conducting of interviews, the appointment of the candidate, the signing of a contract

the preparation of a contract

(GDPR Article 6(1)(b)

and

the legitimate interest of our company (after the selection, in case of the expiration of the deadline of the legal remedy)

(GDPR Article 6(1)(f)

and

  • the consent of the applicant

(GDPR Article 6(1)(a)

name, phone number, e-mail address, qualifications and other personal data mentioned in the motivational letter and the CV of the applicant, and the personal data that were recorded during the interview

after the filling of the position, the received applications are deleted when the deadline of the legal remedy expires, except if the applicant gives his/her consent to the further processing of his/her data, in that case, for the duration agreed by the parties (1 year at the most)

Data processing relating to recordings published on our website

introduction of the owners of our company and our products

consent of the data subject

(GDPR Article 6(1)(a)

image of the data subject, recorded acts of the data subject, conclusions drawn from these acts

until the withdrawal of the consent

Administration of complaints

the purpose is processing the personal data of the complaints received by our company

legal obligation

(Act CLV of 1997 17/A. §)

(GDPR Article 6(1)(c)

name and address of the complainant,

the time, place and way of complaint,

the detailed description of the complaint, the register of the documents and other evidences of the complainant,

the statement of our company about our opinion on the complaint, if the immediate examination of the complaint is possible,

the signature – except if it is received through telephone or other electronic communication services – of the person reporting the complaint and the complainant,

the time and place of the register,

the identification number of the complaint if it is received through telephone or other electronic communication services.

according to law

(5 years)

Further questions in connection with data processing can be asked at or be sent to our postal address. We must answer them without delay and at the latest within one month to your given address.
There is a separate privacy notice about the data processing of our employees.

4. What are cookies and how do we use them?

Cookies

To make this site work properly, we sometimes place small data files called ’cookies’ on your device. Most big websites do this too.
What are cookies?
A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.

How do we use cookies?

The most commonly used browsers (Chrome, Firefox etc.) generally accepts and permits the downloading and usage of cookies. However, it is up to you whether you choose to reject or ban these cookies by changing the settings of the browser. You can also delete the cookies stored on your computer. You can be informed about the usage of cookies of certain browsers in their ’help’ section.
You have the chance to maintain cookies to your liking or delete them. Please visit aboutcookies.org if you want to know more. You can delete all cookies stored on your computer and in most of the browsers, you have the ability to ban them. However, in that case it may happen that every time you visit a certain website, you have to make some settings manually and you should also be aware that some functions and services may not operate perfectly. There are cookies that don’t require your consent to operate. Our website briefly informs you about them the first time you visit us. For example, the authentication cookies, multimedia content player cookies, load-balancing cookies, session cookies helping the customisation of the user interface and the user-centric security cookies.
Our company doesn’t use or allow cookies that can help a third party taking possession of your data without your consent.
Accepting cookies is not obligatory, but in that case our company doesn’t take responsibility if our website doesn’t work properly.
You can read about cookies from a third party by clicking on the following links:
https://policies.google.com/technologies/types?hl=en
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
https://support.google.com/analytics/answer/6004245?hl=en
https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en

How to control cookies

You can control and/or delete cookies as you wish – for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.

What types of cookies do we use?

Type

Name

Consent

Description

Purpose

Validity

user interface customization

icl_current_language

not required

for languages

ensuring the proper working of the website

1 day

You can easily accept or reject the cookies on this site by choosing one of the following links: I accept cookies / I refuse cookies.

5. What other things do you have to know about the data processing of our website?

You give your personal data to us voluntarily during your interactions with our company, therefore we ask you to ensure that your data are real, correct and accurate since you are responsible for these. Incorrect, inaccurate or deficient data can make providing our services more difficult for us.
If you give another person’s data instead of yours, we assume that you are authorized to do so.
You can withdraw your consent to data processing freely anytime you want to. This doesn’t make data processing prior to your withdrawal unlawful.
We will put your withdrawal in order within 5 days – for technical reasons -but you should know that we have the legal basis to continue certain data processing activities in order to perform our legal obligation or to validate our legitimate interest.
In case of the usage of misleading data or if one of our visitors commits any felony or attacks the system of our company, the data of this visitor will be immediately deleted or – if needed – we preserve them during the prosecution or the stating of civil liability.

6. Other questions regarding data processing

Your data can only be transferred according to the legal regulations. Regarding our controllers, we ensure – by stating certain conditions in our contract – that your data are not used for purposes that are not in accordance with your consent. Further information can be found in point 2.
Our company can only transfer data to other countries according to the GDPR (chapter 5) and the Privacy Act.
The court, the prosecution and other authorities (e.g. police, tax office, Hungarian National Authority for Data Protection and Freedom of Information) can contact our company in order to ask for information, data or documents. In these cases, we must perform our legal obligation for providing data but only to a necessary extent that can be justified by their legitimate purpose.
The contributors in the data processing of our company are authorised to use your personal data but only to a previously stated extent and in a confidential manner.
Your personal data are protected by technical and other measures. You are also granted with the security and availability of your data, and we prevent them from being accessed, modified, damaged and published unlawfully or being misused in any other way.
By organised measures, we supervise the physical accessibility. We also constantly educate our employees and we store paper-based documents with appropriate protection. By technical measures, we use encryption, password securisation and antivirus software. Please note that transferring data through the internet cannot be considered as a way of properly secure data transferring. Our company does everything in its power to make these processes as secure as possible, but we cannot take responsibility for data transferring through our website. We take great care of complying all the regulations regarding the security of your data to prevent them from any misuse.

7. What are your rights and possibilities of legal remedy?

You
• can ask for information about your data processing,
• can ask for the rectification of your personal data,
• can object the processing of your data and ask for the erasure and restriction of them (if there is a legal basis for it),
• have the right to data portability (if there is a legal basis for it),
• have the right to a legal remedy,
• can complain or start a legal procedure at the supervisory authority (https://naih.hu/panaszuegyintezes-rendje.html). You can complain in the member state of your home, workplace or the place where the unlawfulness happened.

Supervisory Authority:
Hungarian National Authority for Data Protection and Freedom of Information
Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Postal Address: 1530 Budapest, Pf.: 5.
Phone Number: +36 (1) 391-1400, Fax: +36 (1) 391-1410
E-mail Address: Website: https://naih.hu/

What rights are granted for you by GDPR?

Right to rectification: You have the right to ask the controller for the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, even by a supplementary statement.

Right to erasure („right to be forgotten”): You have the right to ask the controller for the erasure of personal data concerning you without undue delay and the controller has to erase your personal data without undue delay where one of the following grounds applies
• your personal data are no longer necessary in relation to the purposes for which they were processed,
• you withdraw your consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing,
• you object to the processing according to Article 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing based on Article 21(2),
• your data have been unlawfully processed,
• we have to delete your personal data because of a legal obligation in Union or Member State law
• your personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
If we share your personal data, we must warn other data controllers by all technological means that you have requested the deletion of your data on every platform. (Article 17(1))
We are not obligated to delete your data if the processing of them is necessary
• for exercising the right of freedom of expression and information,
• because our company has to process them according to a Union or Member State law or if its a performance of a task carried out in the public interest or in the exercise of official authority
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) or if this erasure would make the processing of data impossible or extremely difficult,
• for the establishment, exercise or defence of legal claims.

Right to restriction of processing: You have the right to ask the controller for the restriction of processing where one of the following applies:
• you don’t agree with the accuracy of these data, in this case your data will be restricted for a period of time, enabling us to correct them,
• the processing is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead,
• we no longer need your personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or
• you have objected to processing according to Article 21(1) and you’re waiting for the verification whether our legitimate grounds override those of yours.
Where processing is restricted, your personal data must – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Our company must inform you, who have requested the restriction of the processing, of your data, if this restriction is over.
Our company informs all controllers who have processed these data, about all rectifications, erasures or restrictions, except if it’s impossible or extremely difficult. If you ask for the list of these controllers, we must provide it to you.
Right to data portability: You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without any obstruction from us to which your personal data have been provided, where
• the processing is based on consent according to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract according to point (b) of Article 6(1) and
• the processing is done by automated means.
In exercising your right to data portability according to Article 20(1), you have the right to have your personal data transmitted directly from one controller to another, where technically possible.

Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1), including profiling based on those instructions. We no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where your personal data are processed for direct marketing purposes, you have the right to object at any time to our processing of them for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, your personal data can no longer be processed for such purposes.
Where your personal data are processed for scientific or historical research purposes or statistical purposes according to Article 89(1), you, on grounds relating to your particular situation, have the right to object to processing of your personal data unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Right of access by the data subject: If you request information about your personal data processed by us or by our commissioned data controller, we must provide this information about
• your data,
• the source of these data,
• the purpose and legal basis of the processing of your data,
• the duration of the processing, and if it’s not possible, the aspects of determining the duration,
• the name and address of our data controllers and their activities,
• the circumstances, effects and the measures of the prevention of personal data breaches, and
• the legal basis and the addressee if we transfer your data.
We must inform you as soon as we can but within maximum 30 days. The information is provided to you without expenses, except if you have already submitted a request for information in the same data category in the past 365 days. We refund the expenses that have already been paid by you if we controlled your data unlawfully or we had to correct them because of your request. We can reject to inform you only if we have a legal basis for it and we have to refer to the exact legislative place where it’s stated. We must also inform you about your right to a legal remedy and your right to appeal at the supervisory authority.

If we don’t fulfil your request of rectification, restriction or erasure, we must inform you about the reason of our rejection in writing or – if you give your consent to it – using an electric device as soon as possible but in maximum 30 days. We must also inform you about your right to a legal remedy and your right to appeal at the supervisory authority. You can do the latter in the member state of your home, workplace or the place where the unlawfulness happened.

If you reject the processing of your personal data, we must answer your request as soon as we can but in maximum 30 days and inform you about our decision in writing. If we decided that your request is rightful, we stop the further processing, collecting and transferring of your data. We also notify all the other controllers who processed your data and who are obligated to take measures in order to fulfil your request.
We can reject fulfilling your request if we prove that the processing of your data is justified by such legitimate reasons that are superior to your interests, rights and freedoms or are connected to the establishment, exercise or defence of legal claims. If you don’t agree with our decision or the deadline expires for our response, you can appeal at the supervisory authority in 30 days from receiving our response or from the last day of the deadline of our response.

Please contact our company before appealing at the supervisory authority, in order to find a solution in the fastest and most efficient way.

8. What are the most important laws relating to our activities?

• Regulation (EU) 2016/679 of the European Parliament and of the council on the protection of natural persons with regard to the processing of personal data (GDPR)
• Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (Privacy Act)
• Act V of 2013 on the Civil Code (Ptk.)
• Act C of 2000 on accounting (Számv. tv.);
• Act CLXV of 2013 on complaint and public interest announcement (Pktv.)

9. Modification of Privacy Notice

Our company reserve the right to modify this privacy notice and will properly inform the parties involved. Information regarding data processing will be shared on this website https://leticiaherba.hu .

30 April, 2019, Budapest