Skip to main content
Current country
Language
en
Current country
Language
en

Webshop Privacy Policy

valid as of July 14, 2019

I. The Data Controller

1. Who processes your data as a data controller?

Company name (short form): ANDA Present Ltd.
Registered and postal address: H-1087 Budapest, Könyves Kálmán krt. 48-52.
Registration number: 01-09-276783
Company Registry Court: Company Registry Court of Budapest - Capital Regional Court Tax ID: 12084230-2-42 
Executive Director: András Attila
Website: www.andapresent.com 
Telephone: +36 1 210 0758 on workday between 9 am and 17 pm
E-mail: info@andapresent.hu

2. How can you contact us with questions and problems regarding to data processing?

Feel free to contact us at the following contacts, preferably by email for the quick and verifiable administration!

Anda Present Kft.
H-1087 Budapest, Könyves Kálmán krt. 48-52.
E-mail address: privacy@andapresent.hu

II. Details of each data processing

1. Registration

Only distributors can buy in our webshop and only if they have pre-registered on our website in the distributor registration interface. As a distributor, consumers cannot be our partners, only sole proprietors or companies with a tax number, as well as non-corporate legal entities.

If you would like to make a purchase in our webshop, you will need to join our distribution team, which you can do by filling in the information requested there after selecting the “Distributor Registration” menu item. When filling in the registration form, it is possible that you provide us personal data (eg. if you are a sole proprietor or as a company you provide contact details, etc.).

1.1. What is the information required for registration?

  • company name, surname + first name in case of a sole proprietor (data required for identification, invoicing),
  • address / registered office (required for billing),
  • delivery address (if different from address, registered office),
  • e-mail address (data required for ordering, confirmation of purchase, sending of e-invoices and other communications related to the purchase, notification and sending of newsletters),
  • landline and / or mobile number (for communication, contract administration and transport communication),
  • username (data required for identification, registration, purchase),
  • password (non-decryptable data, if you forget, we will not be able to re-enter your password by e-mail, you will need to request a new password),
  • contact details (name, e-mail address, mobile number for communication related to ordering, purchasing, invoicing).

The password is non-decryptable data for us, thus ensuring the technical protection of your personal data. Please pay special attention to the confidentiality of your password! If you require a new password, you will receive an email with a link to your registered email address through which you can set a new password.

During registration, you create a user account that is a company / sole proprietor account. For contact data management, please see our general data management information, which can be found here: https://andapresent.com/pages/privacy 

1.2. How can the registration be finalized?

If you wish to register in our system, you can do so by accepting this Privacy Policy and the General Privacy Policy by checking the box next to "I have read and accept the General and Webshop Privacy Policy and Terms and Conditions". We will then send you an automated email with an activation link so that we can filter out the possibility of someone misusing your information to register on your behalf.

If you enter your password using the link in the automated email, you will activate your account and your registration will be complete. If we do not receive a response to your automated email within 30 days, your personal data will be permanently deleted.

The purpose of data processing: to use the system, to enable purchases in our webshop as a distributor, to log in to the system by entering a username and password.

Legal basis of data processing: legitimate interest (Article 6 (1) (f) of the GDPR), which here is the establishment of the distributor legal relationship, the related communication, the submission of distributor orders, the conclusion and performance of contracts.

Deadline for data processing: protest against data management + 3 business days, in which case your non-billing data will be automatically and permanently deleted from the system.

1.3. How do I change or delete my user account?

The user account can be assigned to the distributor company or sole proprietor, if it is necessary to change it, for example because the contact no longer works for the distributor, then the change notified to the sales representative by e-mail can be made by his / her immediate superior.

If you no longer wish to make purchases in our webshop and object to the data processing, please send your statement in writing - primarily by e-mail - to your sales representative, who will delete your user account within 3 business days of receiving the objection.

2. Ordering, purchasing, shipping and related invoicing

Purpose of data processing: operation of a webshop, fulfillment of an electronic order, delivery of goods, documentation of purchases and payments, fulfillment of accounting obligations. For the activities described, we are obliged to identify you as a user and distributor and to contact you (eg order confirmation, delivery, order notifications, etc.) and we are obliged to issue and keep an invoice to you in accordance with the accounting regulations in force at any time. 

If you buy goods in our web store, we will issue an accounting receipt for the purchase transaction and send it to you in the form of an e-invoice. By default, we issue an e-invoice to make business easier. If you would like a paper invoice, we will of course also issue it to you if you specifically request it. Please indicate your need for paper invoicing to your contact person (sales representative) via email.

Legal basis for data processing: performance of contracts by sole proprietors, Article 6 (1) GDPR. point b); legitimate interest of companies (performance of contract, liaison, provision of business) GDPR Article 6 (1). (f), fulfillment of a legal obligation with regard to invoicing, Article 6 (1) GDPR. point c).

Processed data:

  • company name, surname + first name (data required for identification, invoicing),
  • address / registered office (billing information),
  • delivery address (data required for delivery only if different from the above address),
  • e-mail address (order, purchase confirmation, e-invoice and other communication related to the purchase, data required for notification),
  • landline or mobile number (for communication, contracting and transport communication),
  • tax number (billing information),
  • transaction number, date and time (billing information),
  • order number (invoicing data),
  • content of the document (data required for invoicing).

Deadline for data processing: non-registration data related to orders and purchases, which are related to the execution of the given transaction, but are not related to invoicing, are processed within the current civil law limitation period (currently 5 years). The duration of data processing related to invoicing is 8 years, or the period specified in the tax and accounting legislation in force at any time, after the expiry of which your data will be deleted automatically.

If a dispute arises in connection with the order or sale, we will retain your personal data until the final conclusion of the dispute, with reference to our legitimate interest (Article 6 (1) (f) GDPR).

3. What happens to your information if you do not use your registration account for years?

We keep company contact data and the data of sole proprietors for 5 years during the current civil law limitation period. In the event that no orders or purchases have been made, the five years will run from the creation of the user account. If the user account is actively used, the five years count from the last purchase. Once this five-year period has elapsed, we will send an email to the registration email address provided, asking if the individual wishes to maintain their user account. If we do not receive a response from you within 30 days, your details will be permanently deleted. If you declare that you wish to maintain your user account, it will remain up for an additional five years.

4. Newsletter

4.1 How can you subscribe to the newsletter?

We do not provide a separate subscription option for our newsletter on our website, but we will automatically send a newsletter to the e-mail address provided during registration as described in this chapter.

4.2 How can you unsubscribe from the newsletter?

At the end of each newsletter you will find a so-called unsubscribe button, by pressing which you can unsubscribe from our newsletters, as a result of which your data will be deleted from our newsletter database and you will not receive any more newsletters. In addition, if it is more convenient for you, you can also contact the sales representative directly by e-mail requesting to unsubscribe from the newsletter.

4.3 Newsletter content

As part of our newsletter service, we will inform you in the form of a newsletter at the e-mail address you provided, with the regularity we have selected, on the following topics:

  • promotions,
  • changes in opening hours due to holidays, inventory,
  • information on catalogues, in particular, but not limited to, publication, pre-order information,
  • news about new products and technological innovations,
  • information leaflets on exhibitions,
  • information and offers by geographical region.

Purpose of data processing: to send newsletters containing the above information.

Legal basis for data processing: legitimate interest (business continuity, incentive to acquire a business, informing contractual partners about current discounts and opportunities), Article 6 (1) GDPR. point (f), on the basis of a balancing test.

Processed data:

  • name,
  • e-mail address,
  • registered office, address (when sending a newsletter with geographical offers).

We only process the above data to the extent necessary. With the newsletter, we target our customers, i.e. economic entities (companies, sole proprietors).

Deadline for data processing: termination of registration, when your data is permanently deleted from the system in accordance with 1.3. or by pressing the unsubscribe button found in all newsletters, in case you do not wish to receive more newsletters. In addition, if it is more convenient for you, you can also contact the sales representative directly by e-mail requesting to unsubscribe from the newsletter. In the latter case, we will permanently delete your data within 3 business days.

5. Customer service data management

The personal data received at the e-mail address of info@andapresent.hu, as well as on the phone number +36 1 210 0758 (on working days from 8:30 to 17:00) and collected during customer service inquiries to the address of our headquarters are handled by those employees. with appropriate access rights whose job is affected by the customer service request.

For technical questions regarding transactions made through our web store, please contact your sales representative at one of the telephone or email contacts provided by him or her on business days between 8:30 and 17:00.

The purpose of data processing: to handle the customer service requests received by us, to answer the relevant questions.

Legal basis for data processing: legitimate interest, Article 6 (1) GDPR. (f), which is to record, respond to and use customer service inquiries in the event of a claim.

Processed data:

In case of an inquiry by e-mail, the person contacting us:

  • name,
  • his or her e-mail address,
  • additional personal information provided by you (including, in particular, the contact details of the interested party or other person concerned and the circumstances of the case with which the interested party has approached us).

In case of an inquiry by phone, the person contacting us:

  • name,
  • telephone number (landline and / or mobile),
  • date of conversation,
  • time,
  • Personal data provided by you (including, in particular, the contact details of the interested party or other person concerned and the circumstances of the case with which the interested party has approached us).

In the case of a letter sent by post:

  • name of sender,
  • it's address,
  • date of delivery of the letter,
  • Additional personal information provided by you (including, in particular, the contact details of the interested party or other person concerned and the circumstances of the case with which the interested party has approached us).

Deadline for data processing: personal data (including e-mails) processed in connection with general inquiries will be deleted after the end of the purpose of data processing. Thus, if the e-mail and the reply to it are not expected to be necessary for further administration or enforcement, we will take care of the cancellation, otherwise - related to the clarification of a possible dispute situation - the request and the cancellation will take place 5 years after the communication, in accordance with the civil limitation period.

6. Complaints handling

The purpose of data processing: the substantive administration of the complaints received by us.

Legal basis for data processing: legitimate interest, Article 6 (1) GDPR. point f) the efficient, verifiable administration of distributor and customer complaints, the use of such correspondence and individual communication in any official proceedings or in the course of any claim enforcement.

Processed data:

  • name,
  • e-mail address or postal address,
  • Additional personal data provided by you (including, in particular, the contact details of the complainant or other person concerned and the circumstances of the case with which the complainant turned to us).

Deadline for data processing: personal data processed in this way will be kept within the civil law limitation period (currently 5 years), which starts with the disclosure of data.

III. Principles of data processing, the rights of the data subject and their enforcement, administrative deadline

1. Principles of data processing

We will process your personal data in accordance with the legal regulations in force at any time, i.e. only for the purposes stated in your consent as a data subject or justified by legitimate interests and in accordance with the relevant legislation, to the extent necessary for this purpose, processed for a period of time and stored.

If we wish to use your personal data for a purpose other than the original purpose of collecting the data, we will inform you in advance, by e-mail or on the website in order to obtain your necessary consent and provide you with the possibility of prohibiting data processing other than the original purpose.

In view of the above, we apply in particular the following data management principles:

  • lawfulness, fairness and transparency,
  • purpose limitation,
  • data minimisation,
  • accuracy,
  • storage limitation,
  • integrity and confidentiality,
  • accountability.

2. Rights of the data subject

We grant you, as a data subject, the following rights in accordance with the provisions of the GDPR:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to object.
  • The right to data portability

You can read our detailed information about the rights listed above in our general data management information:  https://andapresent.com/pages/privacy 

3. Complaint handling

In the event of an alleged infringement of processing your personal data, we will investigate your complaint within 30 days at the latest.

3.1 To which contact can you send your complaint?

Please send your complaint to us first, by post or e-mail to the following contacts:

Anda Present Kft.
Registered office: 1087 Budapest, Könyves Kálmán krt. 48-52.
E-mail address: privacy@andapresent.hu 

Please exercise your right to oral information only if you are unable to contact us in any other way, given that the certainty of your writing protects both your and our interests.

3.2 Where can you turn with your complaint if you are not satisfied with our complaint handling?

If you are not satisfied with our complaint handling, you have the opportunity to file an action with the competent court (Budapest High Court or according to the place of residence or habitation) or initiate an investigation with the Hungarian National Authority for Data Protection and Freedom of Information at the following contacts:

Postal address: 1024 Budapest, Szilágyi Erzsébet fasor22 / C.
E-mail address: ugyfelszolgalat@naih.hu
Phone number: + 36-1-3911400
Representative: chairman: dr. Attila Péterfalvi
Website: www.naih.hu

For other questions regarding your complaint handling (what information we request, how long and in what form we will respond to you, whether we charge any fees), please read our general data management information at the link below:
https://andapresent.com/pages/privacy 

IV. Data transmission, data processors, other data controllers

1. To whom do we pass on your personal data?

We only make your data available to data processors or other data controllers whose services are absolutely necessary to provide our service through our web store. These companies provide services for our IT systems, the operation of our website, the provision of hosting, as well as the processing of payments and the fulfillment of accounting obligations. The contact details of the referenced companies are listed below, with the possibility that our company may at any time decide unilaterally to use another service provider. In this case, we will amend our data management information accordingly.

In addition to the above, we will only transfer your personal data by law to authorities, courts, notaries and other legally authorized organizations.

Legal basis for the transfer: Article 6 (1) GDPR. point c), fulfillment of a legal obligation.

2. Data processors and its contacts

By using our service provided through our web store, you acknowledge that the following service providers treat your personal data as data processors in a targeted manner and to the extent necessary:

2.1 Hosting-providers

Name of the hosting provider: Virgo Systems Kft.
Registered office of the hosting provider: 1074 Budapest, Dohány utca 12.
Website of the hosting provider: https://systems.virgo.hu/
E-mail address of the hosting provider is info@virgo.hu
The customer service telephone number of the hosting provider: +36 1 336 06 30
Web server hosting company

2.2 Web server hosting company

Company name: Virgo Systems
Head office: 1074 Budapest, Dohány utca 12.
Company registration number: 01-09-689231
Tax number: 12497278-2-42
Represented by Bence Gábor Laczkovich, managing director
E-mail: info@virgo.hu
Website: https://systems.virgo.hu/

2.3 Newsletter company

Company name: Mailchimp - The Rocket Science Group LLC
Headquarters: 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, Georgia, 30308
Company registration number:
Tax number: MOSS No. EU 826 477 914
Represented by Meghan Farmer Data Protection Officer
E-mail: dpo@mailchimp.com
Website: www.mailchimp.com
The Rocket Science Group LLC / Mailchimp is part of the Privacy Shield data protection framework developed by the US Department of Commerce in consultation with the European Commission to ensure that participating companies provide a level of protection for personal data transferred from the EU in accordance with GDPR provisions. Thus, the data is transferred to a reliable third country data processor.

3. Other data controllers

During the payment, the following companies process your data independently of us, as a separate data controller, based on their own data management policy.

Payment service providers:

OTP Bank Nyrt.
Head office: 1051 Budapest, Nádor u.16.
Tax number: 10537914-4-44
Company registration number: 01-10-041585

Commerzbank Zrt.
Head office: 1054 Budapest, Széchenyi rkp. 8.
Tax number: 10816291-2-44
Company registration number: 01-10-042115

V. Data Security

We guarantee data security in accordance with the provisions of the GDPR, in particular the state of science and technology and the costs of implementation, as well as appropriate technical and organizational arrangements taking into account the varying probability and severity of the risk to the rights and freedoms of natural persons, we shall implement appropriate technical and organizational measures to ensure a level of data security commensurate with the degree of risk.

In order to prevent the destruction, unauthorized use or alteration of your personal data, we apply in particular the following measures, which we are constantly developing on the basis of the principle of necessity:

  • we use SSL login,
  • Passwords are unencryptedly encrypted; which means that the system does not know your password, encrypts it and only keeps an imprint of it from which the password cannot be recovered, so the system is only suitable for verifying the correctness of the password. Your password will not be known to anyone from our system operator. Please make sure that your password is not known to unauthorized persons.
  • We use the spica standard for our passwords (the password must be at least 6 characters long and must contain lowercase, uppercase, numbers),
  • We create automatic backups of our databases on a separate server,
  • We use mirroring,
  • Our server is a dedicated server located in Hungary, protected 24 hours a day,
  • We doing our best to protect your personal data with a firewall, our server works with an active and passive protection system.

VI. Personal data breach

1. Defining personal data breach

Personal data breach is any case through which an unauthorized person has access to personal data or the data is destroyed, lost or altered.

2. Assess the risk of a data breach, notify stakeholders

For questions regarding the above privacy incidents, please read our general privacy policy at the link below:
https://andapresent.com/pages/privacy 

VII. Definitions, publication and amendment of privacy policy

1. Definitions

If you are interested in an explanation of any of the terms or applicable laws, you can read a summary of them in the general privacy policy here: https://andapresent.com/pages/privacy

2. Disclosure of privacy policy

This webshop privacy policy and the general privacy policy are published on our website under the data protection menu item and are continuously available there.

3. Modification of privacy policy

We are entitled to unilaterally amend this webshop privacy policy and the general privacy policy at any time. If we make changes to any privacy policies, we will draw your attention to them in our news.

The amended provisions will become effective for you on the first use of the webshop after publication and information on the website.