This Privacy Notice regulates the processing operations carried out in connection with the www.hetenyipince.hu website.
While visiting the website and using its services, the visitor (hereinafter: Data Subject) may provide personal data. The purpose of this notice is for the Data Controller to provide information on the organizational and technical precautionary measures taken while processing and protecting the data of its website users, as well as to inform Data Subjects of the legal remedies available to them.
Personal data is any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The Data Controller reserves the right to amend any detail of this policy; amendments take effect upon being published on the website.
I. Data Controller information
The www.hetenyipince.hu website is managed by INDIVINUM Winemaker, Vendor, and Provider Limited Liability Company.
Data and contact information of Data Controller and its representative:
- INDIVINUM Ltd.
- Registered office: H-7695 Mecseknádasd, Rékavölgyi utca 17.
- Tax number: 13595159-2-02
- Email: info @ hetenyipince.hu
- Phone number: +36 72 463 618
- Representative: János Miklós Hetényi Managing Director, email: info @ hetenyipince.hu, phone number: + 36 72 463 618
II. Data of Data Processor
Data Processors help the Data Controller in fulfilling its obligations. To guarantee data protection, the Data Processor undertakes technical and organizational duties.
- Company name: 2-PIXELS Bt.
- Registered office: H-7625 Pécs, Vilmos u. 26/2.
- Tax number: 20963363-2-02
- email: info @ 2pixels.hu, mobile: +36703691391,
- Representative: Dávid Koltai, email: koltai.david @ 2pixels.hu mobile: +36 70 369 1391
III. Purpose, legal basis and duration of processing of personal data
Provision of data is voluntary. You are not obliged to provide your personal data; however, if you do not, you will not be able to purchase products through the webshop or use the services offered.
III.1. Legal basis for processing data:
- Article 6(1)(a) of the GDPR: the Data Subject has given consent
- Article 6(1)(b) of the GDPR: processing is necessary for the performance of a contract
- Article 6(1)(c) of the GDPR: processing is necessary for compliance with a legal obligation
- Article 6(1)(f) of the GDPR: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party
Legal basis of certain data processing activities:
- In case of online sales of products, with consent given by the data subject according to point (a) Section (5) of Act CXII of 2011 (hereinafter: Info Act) and point (a) Section (1) Article (6) of GDPR; contract delivery, documentation of the purchase and payment process, fulfilment of the accounting obligation, invoicing and payment according to point (b) Section (1) Article (6) of GDPR
- as well as delivery of legal obligations according to point (c) Section (1) Article (6) of GDPR and point (2) Section (169) of Accounting Act and Section (169) of Act on VAT
Identification of users and communication, delivery of purchased products are in accordance with point (a) Section (1) Article (5) of Info Act, Point (a) Section (1) Article (6) of GDPR and for the completion of contracts point (b) Section (1) Article (6) of GDPR.
|Processed data||Purpose of processing||Duration of processing|
|name, address, email address, telephone number; Invoicing address: surname, first name, telephone number, address (country, postal code, city, street and house number); Delivery address: surname, first name, telephone number, address (country, postal code, city, street and house number); User login account and password given by user (stored encrypted)||online sales of products; documentation of the purchase and process of payment, accounting obligation; identification of user as customer and communication; enabling delivery of purchased products; issuing invoice, enabling the completion of payment process||Until fulfilment of contract, revocation of consent of data subject, otherwise the data will be erased by the Data Controller 5 years after the purchase according to the Section (22) Article (6) of Civil Code.|
Where the Accounting Act imposes an obligation to store data, the data is stored by the Data Controller without the consent of the data subject and is erased 8 years after the user account is deleted.
When purchasing products in the webshop consent is given by data subject and data is provided for the following activities: product category, the chosen pickup and payment method and the total items purchased.
Technically registered information during system operation: information on the Data Subject’s computer in use which is generated through system usage and registered by the data processor as an automatic result of technical processes. The automatically registered data is noted without specific consent or activity of the data subject. This data is not connected to any personal data – regardless of the ones mandatorily provided based on law. This data is only accessible by the data processor.
IV. Policy on Cookies
Cookies are used by the Data Controller to operate the website, enable easy usage, follow activity on the website and promote relevant offers. Cookies are small data packages which are stored in the browser by internet services. They are an indispensable technology for providing an effective and modern online user experience, and are supported by most browsers.
IV.1 Basic Function Cookies
These cookies ensure basic functioning of the website, make its usage easier and provide information on usage without identification of visitor. These include the acceptance status of Cookies, login type and data stored, the notification status of website and lower function Google Analytics code.
|Name/ type of Cookie||Service Provider||Processed data||Purpose||Duration of processing|
|URL, website name, browser type, size of window, monitor size, Java, Flash version, location, language||Anonymous statistics||2 years|
|URL, website name, browser type, size of window, monitor size, Java, Flash version, location, language||Anonymous statistics||erased after closure of browser|
|URL, website name, browser type, size of window, monitor size, Java, Flash version, location, language||Anonymous statistics||1 day|
IV.3 Targeting and advertising cookies
The purpose of these cookies is to ensure that relevant and interesting advertisements are displayed to visitors. The data subject cannot be identified through these cookies; they only gather information about visited sites, clicks on certain parts of the websites and how many sites were visited, in order to understand which content interests the visitor.
With the consent of the data subject, the Data Controller matches the data on website activity to personal information, which is then used to personalise marketing communication to the data subject’s needs and to provide personalised offers.
The following advertisement cookies of service providers are used by the Data Controller:
Detailed information on the service can be found here.
|Legal basis of data processing||Purpose of processing||Duration of processing||Data category processed|
|Your consent||Display of relevant advertisement, creation of identification and storage||Depending on the cookie: 90 days; 18 months; 2 years||Google Adwords conversion code; Google Adwords remarketing code; Google Analytics remarketing functions; Facebook conversion code; Facebook remarketing code; DoubleClick Floodlight code; portal ID|
How to monitor and alter cookie settings?
Every browser allows its users to alter cookie settings. Some browsers may accept cookies automatically by default, but these settings can be changed to prevent cookies from being accepted automatically, so that the choice is offered on each occasion.
We would like to kindly bring to your attention that our cookies serve the purpose of enabling proper and easier navigation through the site, thus refusing to accept cookies or deleting them may result in malfunction of certain parts of the sites and prevent you from using the site as intended.
Detailed information on the cookie settings of the most popular browsers can be found through the following links:
V. Communication through the website or Facebook
The Data Controller enables communication through its website as well as the Facebook platform. The form filled in on the website serves the purpose of communication between the Data Controller and the Data Subject, in order to request an offer, organize technical inspection or create an offer.
VI. Access rights to personal data
Staff in charge of online purchases employed by the Data Controller, as well as Data Processors, may have access to personal data in order to fulfil their duties. The web host of the Data Controller and the Data Processors mentioned in this policy have access to personal data.
VI.1. OTP Bank Plc.
For the purpose of online product sales, data is processed through the credit card acceptance network of OTP Bank Plc. (H-1051 Budapest, Nádor u. 16.) for the administration of online payment and for fraud monitoring, to confirm transactions and protect users. The following data is forwarded: surname, first name, delivery address, invoicing address, phone number, e-mail address and data regarding the payment process.
VI.2. Delivery information
In case of home delivery, the consignee’s name, address and the value of the order are forwarded to either one of the following courier companies: Hungarian Postal Service Ltd. or Zola Transport Ltd. (registered office: H-7100 Szekszárd, Dr. Hirling Ádám utca 11).
VII. Data transfer abroad
- Data transfer to foreign countries does not take place.
VIII. Guarantee ensuring the protection of personal data
- In relation to any form of data processing, the Data Controller is obliged to take necessary technical and organizational measures and establish the procedures necessary to meet the requirements of the regulation and Info Act.
- The Data Controller takes necessary precautionary measures to prevent involuntary or tortious erasure, loss, change, damage, unauthorized publicity or access to data.
- Personal data is regarded and classified as confidential information by the Data Controller. With regard to handling personal data, the employees of the Data Controller are bound by confidentiality, for which they have to provide a statement. Access to personal data is limited by the Data Controller by using clearance levels.
- The information systems and networks are protected using firewalls and anti-malware systems.
- Electronic data processing by the Data Controller is undertaken using a computer program which meets data security regulations. The program ensures that only authorized personnel may have access, for the purpose of fulfilling contractual duties, within a purposeful and monitored environment.
IX. Information on the rights of data subjects related to processing
- Data Subject holds the right to be informed about the handling of personal data and its circumstances by the Data Controller;
- adjust personal data and – in some cases regulated by the GDPR – request erasure of data;
- request restriction of processing
- request for information regarding access to whom it shall be given regarding adjustment or erasure of data initiated by the Data Subject
- access to own personal data
- right to data portability (in cases defined by the GDPR regulation)
- object to data processing based on enforcement of interest
- issue a complaint against the Data Controller via letter or email to any of the contact details provided in section I.
- The Data Controller is obliged to determine the case without undue delay, within a month after receiving the complaint. The Data Controller is obliged to inform the Data Subject of the measures and the action steps taken; if no steps are taken, it must provide its reasoning and information on the possibility of intervention by the authority.
- Depending on the complexity and number of cases, the deadline can be extended by a further two months. The extension of the deadline, with reasoning, shall be communicated to the Data Subject one month at the latest after receiving the notice.
- In case of an unfounded and exaggerated request, the Data Controller may charge a fee or refuse to take action
IX.1. Right to information
After submission of this policy, the Data Controller takes the necessary measures to provide the Data Subject with all information regulated by Article 13 of the GDPR.
In case the data was not gathered through the Data Subject by the Data Controller, the processing of the data is regulated by the EU or state law.
IX.2. Right of access
After providing identification, the Data Subject holds the right to request feedback from the Data Controller regarding the handling of their personal data. In fulfilling its obligation to provide access, the Data Controller informs the Data Subject via letter or email.
IX.3. Right to rectification and erasure
The Data Subject holds the right to request the adjustment of their personal data.
The Data Subject has the right to request that all their personal data be erased in a timely manner. The Data Controller is obliged to erase all personal data if:
- the personal data is no longer needed for the purpose it was originally processed for
- the Data Subject withdraws consent, and the processing of data has no other legal basis
- the Data Subject objects to the processing of data, and there is no primarily necessary legal purpose of the processing of data
- the Data Controller is obliged by regulation of the EU and state law to erase all personal data
The Data Subject may not hold the right to request erasure of personal data if:
- the Data Controller is obliged to store data regulated by the EU or state law
- the processed data is necessary for the application of legal requests, exercise of rights and protection
IX.4. Right to restriction of processing
The Data Subject holds the right to request restriction of processing with reasonable claim if:
- the Data Subject questions the accuracy of personal data (until the Data Controller inspects the accuracy of data)
- the processing of data is tortious, the Data Subject may request erasure of data
- the Data Controller is no longer in need of the personal data, but the Data Subject needs it for the application of legal requests, exercise of rights and protection
- the Data Subject objects to the processing of data (until the Data Controller evaluates the request of objection)
During the restriction, other than the pure storage of personal data, the processing of data is only possible with the consent of the Data Subject or for legal purposes.
IX.5. Right to object
The Data Subject may object to the processing of data in case it is legally based on the Data Controller’s enforcement of interests. In this case the Data Controller is only allowed to store data if it holds proof of lawfully valid reasons, application of legal requests or protection.
IX.6. Right to data portability
The Data Subject has the right to receive information provided by the Data Controller in a legible, comprehensive form. Furthermore, the Data Subject has the right to forward this data to a different Data Controller without the intervention of the Data Controller to which consent was given if:
- the processing of data is based on consent or contract and
- the processing of data is managed through automation
X. Data breach
A data breach involves the involuntary or tortious erasure, loss, change, tortious reporting of personal data or unauthorised access to it.
Our company ensures data protection measures in relation to the severity of the breach; in such a case, in a timely manner but not later than 72 hours, the data controller, data processor or its representative makes an official report to the authorities and informs the data subjects.
Having been informed of a data breach, our company will in a timely manner take the necessary steps to end the cause of the data breach damage and restore safety.
The Data Subject will be informed of the measures taken and their outcome.
XI. Legal Background
While operating the www.hetenyipince.hu website, the Data Controller handles data of the Data Subject in accordance with the following regulations:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
- Act CXII of 2011 – on Informational Self-Determination and Freedom of Information (hereinafter: Info Act)
- Act CVIII of 2001 – on Certain Issues of Electronic Commerce Activities and Information Society Services (hereinafter:)
- Act XLVIII of 2008 – on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (hereinafter:)
- Act C of 2003 on Electronic Communications (hereinafter:)
- Act CXIX of 1995 – on the Use of Name and Address Information Serving the Purpose of Research and Direct Marketing
XII. Order of legal remedies
XII. 1. Notification of Complaint
In case you wish to make a complaint in regard to the mishandling of personal data, please contact the Data Controller:
- Registered office: H-7695 Mecseknádasd, Rékavölgyi utca 17.
- Tax number: 13595159-2-02
- Email: info @ hetenyipince.hu
- Phone number: +36 72 463 618
- Representative: János Miklós Hetényi Managing Director, email: info @ hetenyipince.hu, mobile: + 36 72 463 618
XII. 2. Initiating Court Procedure
In case the Data Subject experiences a violation of data privacy in regard to the handling of personal data, the Data Subject may initiate adversary proceedings against the Data Controller. The case will be investigated by the court of judicature. The proceedings may be initiated at the tribunal competent for the Data Subject’s registered address. The case will be handled out of turn. In case of a statement of violation, the Data Subject may be eligible to receive monetary damages or tort, and the Data Controller may be forced by the court to the rightful practice of the rights of the Data Subject.
More information and the contact information of the tribunals can be found through this link.
XII. 3. Notification of complaints to the authority
In case of a data breach, complaints may be filed against the controller’s violation with the Hungarian National Authority of Data Protection and Freedom of Information.
Contact details of the authority:
- E-mail: firstname.lastname@example.org
- Phone number: +3613911400
- Postal address: 1530 Budapest, Pf.: 5.
- Website: www.naih.hu
Mecseknádasd, 9 December 2019