The trust of our visitors is of paramount importance to us, and we take special care to protect the personal data of our visitors. Accordingly, we inform our Dear Visitors about our data management practices in relation to the use of our website in the following privacy notice.
In preparing this privacy notice, we have taken particular account of the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the GDPR), the 2011 GDPR and the 2011 Act on the Right to Information Self-Determination and Freedom of Information. CXII of 2013 (hereinafter referred to as the "Info Act") and Act V of 2013 on the Civil Code (hereinafter referred to as the "Civil Code"). KAT Zrt. therefore takes the provisions of the GDPR in particular into account for all data processing.
Data controller and contact details:
SUPERFOODS Limited Liability Company
1082 Budapest, Futó utca 6. 6. floor 2.
Tel: +36 70 3365289 /E-mail: info@superfoodswebshop.net
Data Protection Officer and contact details:Balázs Hajdu
Concepts:
(1) "personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
(2) "processing" means any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
3. "restriction of processing": the marking of stored personal data for the purpose of restricting their future processing;
(4) 'controller' means a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law;
(5) "processor" means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
(6) "recipient" means a natural or legal person, public authority, agency or any other body to whom or with which personal data are disclosed, whether or not a third party. Public authorities which may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;
(7) "third party" means a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data;
8) "data subject's consent" means the freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject signifies, by a statement or by an act expressing his or her unambiguous consent, that he or she signifies his or her agreement to the processing of personal data concerning him or her;
(9) "Data breach" means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
(10) "terminal device" means the computing or telecommunication device (including, but not limited to, laptop, desktop computer, tablet, smartphone) from which the Website is visited and/or accessed.
Newsletter:
Dear Visitors, please click on [LINK] below to subscribe to our newsletter. After entering your name and email address, you will receive an email containing a confirmation link to the email address you have provided, where you can click on the confirmation link to finalise your subscription to the newsletter. You can unsubscribe from the newsletter by clicking on [LINK] below. Accordingly, the legal basis for data processing is Article 6(1)(a) GDPR and Article 6(1)(a) of the Info tv. Article 5 (1) (a) of the Info Privacy Act.
Purpose of data processing: sending newsletters
Legal basis for data processing: article 6 (1) (a) GDPR; Info tv. Art. 5 (1) (a) (data subject's consent) Art.
Data processed: user name, user email address, subscription time, user IP address
Duration of data processing: until consent is withdrawn (unsubscribe), until the data subject requests erasure
Guestbook:
Dear Visitors, please click on [LINK] below to share your opinions and experiences about our services. If they wish, they can voluntarily and optionally include their name and contact details in their registration. Accordingly, the legal basis for data processing is Article 6(1)(a) of the GDPR and Article 6(1)(a) of the Info tv. Article 5 (1) (a) of the Info Privacy Act.
Purpose of data management: recording of visitor reviews in the guestbook
Legal basis for data processing: article 6 (1) (a) GDPR; Info tv. Art. 5 (1) (a) (data subject's consent) Art.
Data processed: user name, user email address, date of registration, other personal data optionally provided by the data subject
Duration of processing: until the data subject requests erasure
Request a service:
Dear Visitors, you can order certain services from our Company on our website (e.g. ticketing, booking accommodation). When you use these services, we will enter into a contract with you, which will be processed in order to conclude and perform the contract. We process the data until the services you have used have been completed or until the expiry of the related consumer and warranty claims, solely for the purpose of providing the service, unless otherwise provided by law. Accordingly, the legal basis for the processing of the data is Article 6 (1) (b) GDPR, Article 6 (1) (c) GDPR in the case of statutory processing and Article 6 (1) (c) Info tv. Article 5 (1) (b) of the Info Privacy Law.
Purpose of processing: provision of services
Legal basis for processing: article 6 (1) (b) GDPR (performance of contract)
Data processed: personal data necessary for the provision of the service
Duration of processing: until the service is provided or until the expiry of the related consumer and warranty claims
Cookies ("cookies"):
The Data Controller places small data packets, so-called cookies, on the terminal device of the Visitor (User) in order to provide a better user experience and personalized service. The Visitor may delete cookies from his terminal device and disable the use of cookies in his browser settings. If cookies are rejected and/or deleted, the use of the website may be limited, which the Visitor acknowledges.
List of cookies used:
Google Analytics
We inform our Dear Visitors that the plug-ins, links, banners and references on our site may direct our Visitors to other websites. The editorial staff, the operator of our website and our Company do not assume any responsibility for the content of other websites. These websites should be visited or used by our Visitors (Users) at their own risk.
Rights of the person concerned:
If you, as a data subject, wish to exercise your rights under the GDPR and the Info law, please contact our Data Protection Officer at any time using the contact details above. Our visitors have the following rights:
1. The right to information about the processing and the data processed (right of access, Article 15 GDPR),
2. Right to rectification of inaccurate data or completion of incomplete data (right to rectification, Article 16 GDPR),
3. The right to request the erasure of personal data and, where personal data have been disclosed, the right to inform other controllers processing the data of the request for erasure (right to erasure, Article 17 GDPR),
4. Right to request restriction of processing (right to restriction of processing, Article 18 GDPR),
5. The right to receive personal data relating to him or her in a structured, commonly used, machine-readable format and to request the transfer of these data to another controller (right to data portability, Article 20 GDPR),
6. Right to object to processing in order to stop processing (right to object, Article 21 GDPR),
7. The right to withdraw your consent at any time in order to stop processing based on your consent. Withdrawal of consent does not affect the lawfulness of the processing carried out prior to the withdrawal (right to withdraw consent, Article 7 GDPR).
8. The right to lodge a complaint with a supervisory authority if you consider that the processing infringes the provisions of the GDPR (right to lodge a complaint with a supervisory authority, Article 77 GDPR).
If you have a complaint, you can contact the supervisory authority using the following contact details:
National Authority for Data Protection and Freedom of Information
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, P.O. Box 5.
E-mail: ugyfelszolgalat@naih.hu
Magyar 
English 
Deutsch 
Français 
Español 
Nederlands 
Italiano