Privacy Policy

This Privacy Policy contains the rules on processing, handling and transmitting personal data of user – hereinafter referred to as: Data Subject – engaging any perfume wholesale or related services – hereinafter referred to as: Services – provided by the Controller. Data processing under this Policy shall be conducted on the ground of the legal relationship deriving from the rendering of Services between the Controller and the Data Subject.

Controller informs the Data Subject that in the performance of the Services, all personal data entrusted with the Controller will be recorded by the Controller.

The legal basis for data processing shall be the performance of a contract pursuant to the Regulation to which Data Subject is a party, or Paragraph 5(1)b of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information – hereinafter referred to as: Information Act.

The contents of the Privacy Policy serve to fulfil the obligations laid down in Section 13 of the Regulation and in Section 14 Point a.) and Section 15 Paragraph (1) Point a.) of the Information Act by providing full disclosure to Data Subject on all matters indicated therein with regard to data processing.

Data processing shall extend to the following data – hereinafter referred to as: Data – concerning the Data Subject:

The purpose of data processing is to simplify the settlement of any disputes and to enable Controller to provide the Services to Data Subject at the highest possible quality.

Controller and natural persons employed by or engaged in a work-related relationship with Controller, as well as any partners of Controller involved in the rendering of the Services, shall be entitled to conduct data control and data processing conducted on that basis. The persons specified in this subsection shall be entitled to obtain the data provided by Data Subject to Controller.

Controller informs the Data Subject that, in view of the final phrase of paragraph (91) set out in the introductory provisions of the Regulation, no impact assessment has been carried out and no Data Protection Officer has been appointed.

With regard to definitions concerning data processing, the definitions specified in the Regulation and in the Information Act shall prevail.

In view of Section 1.3, the Data Subject acknowledges that Controller shall collect, process and transmit their Data for the purposes and to the extent and through the means stipulated in Section 2 of this Policy. Data provision shall be voluntary in all cases.

• In view of Section 1.3, the Data Subject acknowledges that Controller shall collect, process and transmit their Data for the purposes and to the extent and through the means stipulated in Section 2 of this Policy. Data provision shall be voluntary in all cases.

Controller informs the Data Subject that Data shall be processed and retained for the duration of providing the Services, and afterward for five (5) years

Data processed by Controller shall be disclosed to a third party only if such disclosure is in Data Subject’s interest, or if necessary for the Controller to fulfil its legal obligations. By signing the contract specified in Section 1.3, the Data Subject expressly consents to the transfer of their Data if the Controller believes that the interests of the Data Subject so require. Controller shall maintain a transmission log in all cases, in line with Section 8 and Subsection 25/E(1) of the Information Act, indicating the date and time of transmission of the data concerning Data Subject, the legal basis of transmission as specified in the Subsection, the recipient, and a description of the scope of Data transmitted, with the above information retained for the duration prescribed by the legislation on data processing, but not less than for five (5) years.

Controller shall not transmit the Data of the Data Subject to international organizations in third countries – i.e., outside the European Union and the EEA – except with the express approval of the Data Subject and in accordance with the conditions set out in the written declaration of the parties, by providing guarantees in accordance with Sections 10-13 of the Regulation. The former restriction does not apply to cases provided for in Article 45 of the Regulation, which states that a transfer of personal data to a third country or an international organisation may take place where the Commission has decided that the third country or the international organisation in question ensures an adequate level of protection. Such a transfer shall not require any specific authorisation.

Data processed by Controller shall not be used in the interest of a third party and Data shall not misuse such information in any other way.

Data must be protected by Controller through means of suitable measures, in particular against unauthorized access, alteration, transmission, public disclosure, deletion or destruction, as well as damage and accidental loss, and to ensure that stored data cannot be rendered inaccessible.

Controller informs the Data Subject that it does not make decision regarding the Data Subject based solely on automated data processing. The Controller does not create profiles about the Data Subject based on the available Data.

Data Subject has the right to request information from Controller on the processing of his/her Data, as well as the rectification, erasure or blocking of such data by the following means:

by postal mail: H-1052 Budapest, Váci utca 12. 3. emelet 3.;
by e-mail: makandfra@gmail.com

Upon the Data Subject’s request, Controller shall provide information concerning the Data processed by Controller, the sources from where they were obtained, the purpose, grounds and duration of processing, and the legal basis of data transmission and the recipients. Controller must comply with requests for information without any delay (after having received such a request), and provide the above information in an intelligible form, in writing within not more than fifteen (15) days. Controller may refuse to provide information only in the cases defined under Subsection 16(3) of the Information Act. Should a request for information be denied, Controller shall inform Data Subject in writing as to the provision of the Information Act serving grounds for refusal. Where information is refused, Controller shall inform Data Subject of the possibilities for seeking judicial remedy or lodging a complaint with the National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság).

Controller shall rectify the Data where it is deemed inaccurate, and where the correct personal data is at Controller’s disposal.

The Data shall be erased: if processed unlawfully; if so requested by the Data Subject; if the processed data is incomplete or inaccurate and it cannot be lawfully rectified, provided that erasure is not disallowed by statutory provision of an act; if the purpose of processing no longer exists or the legal time limit for storage has expired, or; if so ordered by court or by the National Authority for Data Protection and Freedom of Information.

The Data shall be erased: if processed unlawfully; if so requested by the Data Subject; if the processed data is incomplete or inaccurate and it cannot be lawfully rectified, provided that erasure is not disallowed by statutory provision of an act; if the purpose of processing no longer exists or the legal time limit for storage has expired, or; if so ordered by court or by the National Authority for Data Protection and Freedom of Information.

If the accuracy of an item of the Data is contested by the Data Subject and its accuracy or inaccuracy cannot be ascertained beyond doubt, Controller shall mark that Data.

Controller has fifteen (15) days at his disposal for erasing, blocking or rectifying the Data. If Controller refuses to comply with Data Subject’s request for rectification, blocking or erasure, the reasons for such refusal shall be communicated in writing, or by electronic means in case Data Subject had so consented, within fifteen (15) days of receipt of the request. Where rectification, blocking or erasure is refused, Controller shall inform Data Subject of the possibilities for seeking judicial remedy or lodging a complaint with the National Authority for Data Protection and Freedom of Information.

When data is rectified, blocked, marked or erased, Controller shall notify Data Subject and all recipients to whom it has been transmitted for processing. Notification is not required if such an omission does not violate the rightful interest of Data Subject considering the purpose of processing.