PRIVACY POLICY

 

 

of the Belodore Korlátolt Felelősségű Társaság (registered office: Táblás utca 36-38., building C2, H-1097 Budapest; company registration number: 01-09-386708; short company name: Belodore Kft.; represented by: Trivic Aleksandar general manager) valid as of the 15.05.2023. until cancellation (hereinafter the „Privacy Policy” or „Policy”):

 

 

1. Definitions

 

1. Customer:a legal person or other organization without legal personality, identified in accordance with the authentic data specified in the Contract, operating in accordance with the legislation in force at any time, acting via a representative with contractual capacity and rights, or an adult natural person with legal capacity, as defined by Hungarian legislation, identified in accordance with the authentic data specified in the Contract.
2. User:any person who visits the Webpage.
3. Webpage: belodore.hu website, including the web shop, that is operated by the Vendor.
4. GTC:general terms and conditions of the online store on the Webpage in its up-to-date version.
5. Controller/Vendor:Belodore Korlátolt Felelősségű Társaság (registered office: Táblás utca 36-38., building C2, H-1097 Budapest; company registration number: 01-09-386708; short company name: Belodore Kft.; represented by: Trivic Aleksandar general manager).
6. Data Processor(s):entities listed in point III/2. of the present Policy.
7. Registration: registration of the Customer on the Webpage with the data requested by the Vendor, creation of a User account on the Webpage.
8. User Account:a unique password-protected account created on the Webpage and linked to the Customer via registration, to which an e-mail address belongs as a unique username.
9. Civil Code:Act V of 2013 on the Civil Code.
10. Privacy Act:Act CXII of 2011 on informational self-determination and freedom of information.
11. GDPR:Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
12. Personal Data:any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
13. Data Processing:any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
14. Person Concerned:the Customer and any natural person in representation of the Customer whose personal data is processed by the Controller and the Data processors and the User.
15. Privacy Statement: consent made before shopping or during the Registration of the Person concerned to the Data processing.
16. Personal Data Breach:a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
17. Conclusion of the Contract:the process of concluding the Contract described in part II. of the GTC.
18. Contract:based on the regulations of the 6th book of the Civil Code between persons in absentia, an individual sales contract concluded in respect of the Product, to which the provisions of the current GTC also apply.

 

 

1. Applicable laws and principles relating to Data processing

 

1. The Controller and the Data Processors are entitled to process Personal Data on the basis of the provisions of the Civil Code, the Privacy Act and the GDPR primarily. Further applicable laws on the Data processing are Act C of 2000 on Accounting (hereinafter: „Accounting Act”), Act CLV of 1997 on consumer protection, Act CLXIV of 2005 on trade, Act CVIII of 2001 on certain issues concerning e-commerce services and services related to the information society and Act CLIX of 2012 on postal services primarily.
2. Personal Data shall be:
   • processed lawfully, fairly and in a transparent manner in relation to the Person Concerned,
   • collected for specified, explicit and legitimate purposes and the Controller shall not process further in a manner that is incompatible with those purposes,
   • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed,
   • accurate and, where necessary, kept up to date; the Controller shall take every reasonable step to ensure that Personal Data are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay,
   • kept in a form which permits identification of Person Concerned for no longer than is necessary for the purposes for which the Personal Data are processed,
   • processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures

 

 

• Personal data processed, purpose, legal basis and term of Data processing

 

1. For placing and order and for the Conclusion of the Contract the following Personal Data shall be processed:
   • In case of natural person Customers:
     • Last name,
     • First name,
     • Shipping address, country, city, street, number, other address data (e.g. floor, door number), ZIP code,
     • In case the invoice address differs from the shipping address, separate country, city, street, number, other address data (e.g. floor, door number), ZIP code,
     • E-mail address,
     • Phone number.
   • In case of legal persons or Customers qualifying as other organizations without legal personality:
     • First and last name of natural person representing legal person or organization without legal personality,
     • Shipping address, country, city, street, number, other address data (e.g. floor, door number), ZIP code, if it may be linked to a natural person concerned by the Contract,
     • In case the invoice address differs from the shipping address, separate country, city, street, number, other address data (e.g. floor, door number), ZIP code, if it may be linked to a natural person concerned by the Contract,
     • E-mail address of legal person or organization without legal personality, if it may be linked to a natural person concerned by the Contract,
     • Phone number of legal person or organization without legal personality, if it may be linked to a natural person concerned by the Contract.
   • Purposes of Data Processing:
     • enabling the Conclusion of the Contract,
     • proper performance of the Contract,
     • managing of complaints related to the Contract, handling of warranty and other consumer and customer requests,
     • contacting the Customer in order to fulfil the Contract,
     • enforcing other legitimate interests of the Vendor.
   • Legal basis of the Data Processing:
     • Consent of the Person Concerned (point a) of paragraph 1 of Article 6 of the GDPR),
     • fulfilment of the Contract (point b) of paragraph 1 of Article 6 of the GDPR),
     • after the Conclusion of the Contact, fulfilment of accounting legal obligations for the Vendor, regardless of the consent of the Person Concerned (point c) of paragraph 1 of Article 6 of the GDPR).
     • enforcing other legitimate interests of the Vendor (point f) of paragraph 1 of Article 6 of the GDPR).
   • Term of the Data Processing:
     • until the withdrawal of the consent of the Person Concerned to the Data Processing, until the receipt of the request for the deletion of the processed Personal Data by the Vendor, but in accordance with the provisions of the general limitation period of the Civil Code, up to five years.
     • if the Contract is concluded, in respect of the Personal Data recorded in the accounting document, in order to comply with the accounting legislation, pursuant to paragraph (2) of section 169 of the Accounting Act, for eight years.

2. For the Registration, processing of the following Personal Data is required:
   • In case of natural person Customers:
     • Last name,
     • First name,
     • Shipping address, country, city, street, number, other address data (e.g. floor, door number), ZIP code,
     • E-mail address,
     • Phone number.
   • In case of legal persons or Customers qualifying as other organizations without legal personality:
     • First and last name of natural person representing legal person or organization without legal personality,
     • Shipping address, country, city, street, number, other address data (e.g. floor, door number), ZIP code, if it may be linked to a natural person concerned by the Contract,
     • In case the invoice address differs from the shipping address, separate country, city, street, number, other address data (e.g. floor, door number), ZIP code, if it may be linked to a natural person concerned by the Contract,
     • E-mail address of legal person or organization without legal personality, if it may be linked to a natural person concerned by the Contract,
     • Phone number of legal person or organization without legal personality, if it may be linked to a natural person concerned by the Contract.
   • By the Registration, the Customer creates a User Account which facilitates the submission of orders, facilitates the easier and more convenient use of the Webpage, mainly by eliminating the need to re-enter the data required for the Conclusion of the Contract before submitting each order, as these are retained and order details will be filled in automatically by the system.
   • Purposes of Data Processing:
     • enabling the Conclusion of the Contract,
     • facilitating the Conclusion of the Contract by the Registration, as well as establishing the right to other benefits according to the GTC,
     • proper performance of the Contract,
     • managing of complaints related to the Contract, handling of warranty and other consumer and customer requests,
     • contacting the Customer in order to fulfil the Contract,
     • loyalty programs and providing other discounts applied by the Vendor,
     • enforcing other legitimate interests of the Vendor.
   • Legal basis of the Data Processing:
     • consent of the Person Concerned (point a) of paragraph 1 of Article 6 of the GDPR),
     • fulfilment of the Contract (point b) of paragraph 1 of Article 6 of the GDPR),
     • after the Conclusion of the Contact, fulfilment of accounting legal obligations for the Vendor, regardless of the consent of the Person Concerned (point c) of paragraph 1 of Article 6 of the GDPR).
     • enforcing other legitimate interests of the Vendor (point f) of paragraph 1 of Article 6 of the GDPR).
   • Az Term of the Data Processing:
     • until the withdrawal of the consent of the Person Concerned to the Data Processing, until the receipt of the request for the deletion of the processed Personal Data by the Vendor, but in accordance with the provisions of the general limitation period of the Civil Code, up to five years.
     • if the Contract is concluded, in respect of the Personal Data recorded in the accounting document, in order to comply with the accounting legislation, pursuant to paragraph (2) of section 169 of the Accounting Act, for eight years.
     • by the deletion of the User Account, the Data Processing is ceased except in case described in point III/2.6.2.

3. The following cookies(short data files) may be used during the operation of the Webpage.
   • Cookies can manage data that can be used to identify the User.
   • Essential cookies for the use of the Webpage and the appropriate user experience:

Name:	Purpose/Function:	Type and term:	Data Processor:
private_content_version	Appends a random, unique number and time to pages with User content to prevent them from being cached on the server.	1st Party	Magento
persistent_shopping_cart	Stores the key (ID) of persistent cart to make it possible to restore the cart for an anonymous User.	1st Party	Magento
form_key	A security measure that appends a random string to all form submissions to protect the data from Cross-Site Request Forgery (CSRF).	1st Party	Magento
store	Tracks the specific store view / locale selected by the User.	1st Party	Magento
login_redirect	Preserves the destination page the User was navigating to before being directed to log in.	1st Party	Magento
mage-cache-storage	Local storage of visitor-specific content that enables e-commerce functions.	1st Party	Magento
mage-cache-storage-section-invalidation	Forces local storage of specific content sections that should be invalidated.	1st Party	Magento
mage-cache-sessid	The value of this cookie triggers the cleanup of local cache storage.	1st Party	Magento
user_allowed_save_cookie	Indicates if the User allows cookies to be saved.	1st Party	Magento
mage-translation-storage	Stores translated content when requested by the User.	1st Party	Magento
mage-translation-file-version	Stores the file version of translated content.	1st Party	Magento
section_data_ids	Stores customer-specific information related to User-initiated actions such as display wish list, checkout information, etc.	1st Party	Magento
PHPSESSID	To store the logged in User's username and a 128bit encrypted key. This information is required to allow a User to stay logged in to a web site without needing to submit their username and password for each page visited. Without this cookie, a User is unable to proceed to areas of the Website that require authenticated access.	1st Party	Magento

 

• Purposes of the Data Processing:
  • ensuring the proper usability of the Webpage,
  • enabling the Conclusion of the Contract,
  • in case the Contract is concluded, proper performance of the Contract,
• Legal basis of the Data Processing is to enforce other legitimate interests of the Vendor (point f) of paragraph 1 of Article 6 of the GDPR) and, in case the Contract is concluded, fulfilment of the Contract (point b) of paragraph 1 of Article 6 of the GDPR).

• Cookies required for more convenient and user-friendly use of the Webpage:

Name:	Purpose/Function:	Type and term:	Data Processor:
mage-messages	Tracks error messages and other notifications that are shown to the User, such as the cookie consent message, and various error messages, The message is deleted from the cookie after it is shown to the User.	1st Party	Magento
product_data_storage	Stores configuration for product data related to Recently Viewed / Compared Products.	1st Party	Magento
recently_viewed_product	Stores product IDs of recently viewed products for easy navigation.	1st Party	Magento
recently_viewed_product_previous	Stores product IDs of recently previously viewed products for easy navigation.	1st Party	Magento
recently_compared_product	Stores product IDs of recently compared products.	1st Party	Magento
recently_compared_product_previous	Stores product IDs of previously compared products for easy navigation.	1st Party	Magento

 

• Purpose of the Data Processing is to ensure the user-friendly operation of the Webpage.
• Legal basis of the Data Processing is the consent of the User (point a) of paragraph 1 of Article 6 of the GDPR).

 

• Cookies for statistical purposes:

Name:	Purpose/Function:	Type and term:	Data Processor:
_ga	Used to distinguish Users.	3rd Party	Google Analytics
_gid	Used to distinguish Users.	3rd Party	Google Analytics
_gat	Used to throttle request rate.	3rd Party	Google Analytics

 

• Purpose of the Data Processing the achievement of the Vendor’s statistical and marketing goals.
• Legal basis of the Data Processing is the consent of the User (point a) of paragraph 1 of Article 6 of the GDPR).

4. Loyalty program
   • In the framework of the loyalty program described in point VIII/1. of the GTC (hereinafter the: “Loyalty Program”), the Controller processes the following Personal Data of the Customer who participates in the Loyalty Program:
     • Last name,
     • First name,
     • Date of birth,
     • Address,
     • Postal address (if it differs from the address),
     • E-mail address,
     • Phone number.
   • Purposes of Data processing:
     • implementation of the Loyalty Program, fulfilment of obligations that were undertaken in the framework of the Loyalty Program,
     • providing discounts for the Customer that participates in the Loyalty Program,
     • enforcing other legitimate interests of the Vendor.
   • Legal basis of the Data processing:
     • consent of the Person concerned (point a) of paragraph 1 of Article 6 of the GDPR),
     • fulfilment of the Loyalty Program as a contractual system of conditions (point b) of paragraph 1 of Article 6 of the GDPR),
     • enforcing other legitimate interests of the Vendor (point f) of paragraph 1 of Article 6 of the GDPR).
   • Term of the Data Processing:
     • until the withdrawal of the consent of the Person Concerned to the Data Processing, until the receipt of the request for the deletion of the processed Personal Data by the Vendor, but in accordance with the provisions of the general limitation period of the Civil Code, up to five years or
     • cease of the Loyalty Program, excluding or exiting of the Customer from the Loyalty Program.

 

 

1. Methods of Data Processing

 

1. All data provided by the Person Concerned, including Personal Data, are recorded and stored by the Controller for the purposes indicated in Part III. For the purposes indicated in Part VI, the Controller transfers certain Personal Data to the Data Processors, after which the transferred Personal Data will be processed by the Data Processors as well. The Data Processing practices of the Data Processors can be found in the data processing regulations, privacy policy or other public documents for this purpose of the Data Processor given, in absence of which the Data Processing shall be carried out in accordance with the present Privacy Policy.
2. The Controller and the Data Processor process Personal Data in electronic form, except the documents indicated in the Accounting Act. The Controller and the Data Processors shall prevent the occurrence of a Personal Data Breach by applying IT protection and organizational measures that are reasonably and economically sustainable and operable in accordance with up-to-date state of technics.
3. The Person Concerned guarantees that only they have access to the account related to the e-mail address given as Personal Data and that only they will be reachable via the telephone number provided. The Controller excludes its liability in the event that the service provided under the GTC and the Contract affects a third party due to the access to the e-mail account or telephone number of that third party.
4. The Controller does not apply a data protection officer.
5. The Controller and the Data Processors shall ensure that only the persons who participate in the performance of the GTC and the Contract have access to the processed Personal Data and only to the extent that is strictly necessary for the fulfilment of the tasks related to the performance of the GTC and the Contract.

 

 

1. The Data Processors

 

1. Beside the Controller, Data Processors also participate in the Data Processing in order to perform the Contract.
2. Data Processors applied by the Controller:

Name of the Data Processor:	Contact data of the Data Processor:	Name of the representative of the Data Processor:	Description of the activity of the Data Processor:
LeadIt Ltd.	Dositejeva 9/2, Kraljevo, Serbia	General manager Predrag Stojiljković	IT partner in software support and maintenance
Infobiro Ltd.	Vančo Nikoleski br. 3, Ohrid, North Macedonia	General manager Dragan Markoski	IT partner in software support and maintenance
One Stop Marketing	Žitni trg 13, 23000 Zrenjanin, Serbia	General manager Petar Medarević	Loyalty program
Smart Point Adria Ltd.	Murmanska 19, Belgrade, Serbia	General Manager Milivoj Đorđić	Marketing
Cards Print	Novoseljanski put 38 d, 26000 Pančevo, Serbia	General manager Predrag Basarić	Loyalty program
Meta Platforms Technologies Ireland Limited	1/3, 16 Deanston Dr, Shawlands, Glasgow G41 3AE, United Kingdom	https://www.facebook.com/privacy/policy	Advertising agency, marketing and PR agency and service provider
Google Ireland Limited (Google Analytics)	Gordon House, Barrow Street, Dublin 4, Ireland	https://policies.google.com/privacy?hl=en	Advertising agency, marketing and PR agency and service provider
GLS General Logistics Systems Hungary Kft.	2351 Alsónémedi, GLS Európa u. 2.	https://gls-group.com/HU/en/privacy-policy	Delivery services, shipping agents, postal services
NOVOPAYMENT Korlátolt Felelősségű Társaság (Novopayment)	H-1034 Budapest, Tímár utca 20. 4.em	https://novopayment.hu/hu/adatvedelmi-politika	Payment services

 

3. The Data Processors undertake Data Processing in the interest of the Controller, they shall not make independent decisions in connection with the Data Processing and they shall act only in accordance with the instructions of the Controller.
4. Where the present Policy contain a provision for the Controller, this provision shall also be considered binding on the Data Processors.
5. The Data Processors are controlled by the Controller.
6. The Data Processors are not entitled to entrust another data processor with the Data Processing.

 

 

1. Data transfer

 

1. The Controller always provides the highest possible level of security when transferring the Personal Data of the Person Concerned, therefore only transfers such data to service providers and partners, including in particular the Data Processors, which have undertaken contractual obligations, which are established in the European Economic Area and thus comply with the strict European Union data protection legislation applies to them or to organizations that have undertaken guarantees providing equivalent protection.

 

2. The Controller may transfer the data of the Person Concerned to countries outside the European Economic Area, even to those that cannot provide proper data protection. The Controller shall execute this data transfer if the Data Processor concerned obliges itself to comply with the standard contractual clauses published by the European Commission available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32001D0497&from=en.
3. The Data Processors shall not transfer Personal Data to third persons.
4. Otherwise, the disclosure of Personal Data to a third party or public authorities and courts shall be possible only on the basis of a final decision of an authority or of a court or with the prior express consent of the Person Concerned, unless otherwise provided by law.
5. The Controller and the Data Processors shall keep records of the data transfers.

 

 

• Rights of the Person Concerned in connection with the Data Processing

 

1. The Person Concerned has the right to access their Personal Data processed at any time.
2. The Person Concerned has the right to request for information regarding the Data Processing from the Controller and the Data Processors at any time.
3. The Person Concerned can request the correction and modification of their Personal Data. Taking into account the purpose of the Data Processing, the Person Concerned may request the completion of incomplete Personal Data.
4. The Person Concerned may request erasure of their Personal Pata processed by the Controller.

The erasure may be refused or the further retention of the Personal Data may be considered lawful if it is required to the exercise of right to freedom of expression and information, to the fulfilment of a legal obligation, in particular an obligation arising from the GTC or the Contract or legislation, or to establishment, exercise or defence of legal claims.

The Controller shall inform, indicating the reason, the Person Concerned about the refusal of the request for erasure in any case. After fulfilment a request for erasure of the Personal Data, the previous (erased) data may not be restored anymore.

5. Should the Person Concerned consider the Data Processing unlawful, the Person Concerned has the right to object against the Data Processing.

Should the Person Concerned object against the Data Processing, the Controller shall not continue processing the Personal Data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Person Concerned or for the establishment, exercise or defence of legal claims.

6. The Person Concerned may request the Controller to restrict processing of the Personal Data if the Person Concerned contests the accuracy of the Personal Data processed. In this case restriction is for the term that is enough for the Controller to check the accuracy of the Personal Data processed. The Controller indicates the Personal Data if the Person concerned contests its correctness or accuracy but incorrectness or inaccuracy of the Personal Data contested cannot be clearly identified.

The Person Concerned may also request the Controller to restrict processing of the Personal Data if Data Processing is unlawful but the Person Concerned opposes the erasure the Personal Data processed and requests the restriction of their use instead.

The Person Concerned may also request the Controller to restrict processing of the Personal Data if the purpose of the Data Processing was achieved but the Person Concerned requests processing of them for the establishment, exercise or defence of legal claims.

7. The Person Concerned shall have the right to receive the Personal Data provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
8. The Controller shall keep records of the exercise of the rights of the Persons Concerned.
9. The exercise of the rights of the Person Concerned indicated in this part shall be deemed acceptable and authentic if the statement of exercise of the right related to the Data processing is received from the address or e-mail address provided by the Person concerned and if the Person concerned proves their identity in any other appropriate manner.

 

 

• Personal Data Breach

 

1. In the event of a Personal Data Breach, the Controller shall take all reasonable steps to ensure that no material or non-material damage occurs to the Persons Concerned or that it is kept to a minimum.
2. Upon becoming aware of a Personal Data Breach, the Controller shall identify the nature of the Personal Data Breach and shall ensure that all appropriate technological protection and organizational measures have been implemented, including in particular the notification of the competent data protection authority.
3. If possible, in the event of a Personal Data Breach, the Controller shall notify the competent data protection authority within 72 (seventy-two) hours of becoming aware of the Personal Data Breach.
4. In order for the Person Concerned to be able to take the necessary precautions, the Controller shall inform the Person Concerned without undue delay after becoming aware of the Personal Data Breach, if the Personal Data Breach is likely to pose a high risk to the rights and freedoms of the Person Concerned. The information shall include a description of the nature of the Personal Data Breach and any suggestions made to the Person Concerned to mitigate any possible adverse effects.
5. The Controller shall keep records of Personal Data Breaches.

 

 

1. Enforcement of rights

 

1. The Person Concerned may contact the Controller via mail sent to the registered office of the Controller or any of the Data Processors or via e-mail sent to the contact@belodore.hue-mail address, in connection with the Data Processing.
2. The Person Concerned has the right to contact the Hungarian National Authority for Data Protection and Freedom of Information (NADP) with a complaint related to Data Processing.

Nemzeti Adatvédelmi és Információszabadság Hatóság / National Authority for Data Protection and Freedom of Information:

Postal address: 1363 Budapest, Pf.: 9.

Address: 1055 Budapest, Falk Miksa utca 9-11.

Telephone: +36 (1) 391-1400

Fax: +36 (1) 391-1410

E-mail: ugyfelszolgalat@naih.hu

URL: http://naih.hu

3. In the event of a violation of the rights of the Persons Concerned related to Data Processing, The Person Concerned may bring the case before the court. Proceedings may also be brought before a court having jurisdiction over the place of residence or stay of the Person Concerned, at the choice of the Person Concerned.

 

 

1. Other provisions

 

1. This Privacy Policy is published on the Webpage. The Customer is entitled to read this Policy before providing their Personal Data and shall accept it by making the Privacy Statement before placing the order or the Registration. In the absence of acceptance of the Policy, the Contract will not be concluded.
2. The Controller is entitled to unilaterally amend this Privacy Policy, which shall be published on the Webpage.
3. The Person Concerned accepts the amendment of the Privacy Policy by maintaining the Registration and/or submitting the order.

 

 

Belodore Korlátolt Felelősségű Társaság