Protein Dessert Bar - A slice of joy

PRIVACY STATEMENT

The aim of the websites of BioTech USA Kft. (2111 Szada, Ipari Park út 10., hereinafter referred to as “Provider”), available on the domain www.biotechusashop.hu (hereinafter referred to as “Website”), is to serve the needs of the target audience consisting of health-conscious people wishing to do sports, facilitate communication between people interested in sports and health, provide them with an online interface for sharing experiences and sell related products.

The Privacy policy of the Provider is available at all times from the homepage.

Provider (as data controller) hereby informs the users of this Website about the personal data it processes on the Website, the principles and practices of processing personal data, the organisational and technical measures taken for protecting personal data, as well as the means and options for exercising user rights of the Users involved.

Provider shall process the recorded personal data as confidential, in compliance with the data protection regulations and international recommendations, in accordance with this Privacy Statement. Provider is committed to protecting the personal data of its Partners and Users, therefore it is particularly important for Provider to respect the informational self-determination rights of the Website’s Users. Provider shall process all personal data as confidential and take every security, technical and organisational measure to ensure the safety of such data.

Provider is entitled to unilaterally modify this Privacy Statement, following the prior notification of the Users of the Website. The modified provisions take effect upon User’s first visit to the website following the publication thereof.

If you have any questions after perusing this Privacy Statement, please refer them to [email protected], and our colleagues will reply to your query.

By using the Website, User accepts the Privacy Statement and consents to the processing of their data, as specified below.

1. Principles and definitions

Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (“Privacy Act”) stipulates that personal data may be processed only when the data subject has given his consent, or when decreed by law or by a local authority due to public interest. Personal data may only be processed for specified purposes, to exercise certain rights or perform certain obligations. Data processing shall comply with the purpose of the data processing at all stages. The recording and the processing of data shall be fair and legal. Only personal data that is crucial to the purpose of data processing and is suitable for achieving that purpose may be processed. Personal data may only be processed to the extent and for the period of time necessary for achieving the purpose. Data relating to the data subject – particularly the name, tax identification number or details about their physical, physiological, mental, economic, cultural or social identity –, as well as conclusions drawn therefrom regarding the data subject are considered personal data.

No consent of the legal representative is required for legally incapacitated persons or minors with limited legal capacity, since the Statement refers to frequent, everyday life mass registrations that do not require particular consideration.

1. Data subject/User: any natural person identified or – directly or indirectly – identifiable by specific personal data;
2. Personal data: data relating to the data subject – particularly the name, tax identification number or details about the physical, physiological, mental, economic, cultural or social identity of the data subject –, as well as conclusions drawn therefrom regarding the data subject;
3. Consent: the voluntary and specific expression of the data subject that is based on adequate information with which it gives unambiguous consent to the full or specific operations related to the processing of their personal data;
4. Objection: a declaration made by the data subject in which they object to the processing of their personal data and request the termination of data processing, as well as the deletion of the processed data;
5. Data Controller/Provider: natural or legal person or organisation without legal personality which, alone or jointly with others, determines the purposes of processing data, makes and executes decisions concerning data processing (including the means used) or have it executed by a data processor commissioned thereby;
6. Data processing: any operation or the entirety of operations performed on the data, irrespective of the procedure applied, particularly the collection, recording, registration, classification, storage, modification, use, retrieval, transfer, disclosure, synchronisation or connection, blocking, deletion or destruction of the data, as well as prevention the further use thereof, taking of photos, making audio or visual recordings, as well as the registration of physical characteristics suitable for personal identification (such as fingerprints or palm prints, DNA samples, iris scans);
7. Data processing: performing technical tasks in connection with data processing operations, irrespective of the method and means used for executing the operations, as well as the place of execution, provided that the technical task is performed on the data;
8. Data processor: any natural or legal person, or organisation without legal personality processing the data on the grounds of a contract concluded with the Data Controller, including contracts concluded pursuant to legislative provisions;
9. Data transfer: providing access to the data for a specified third party;
10. Disclosure: ensuring open access to the data; link
11. Data deletion: making data unrecognisable in a way that it can never be restored again;
12. Blocking of data: marking data with a special ID tag to indefinitely or definitely restrict its further processing;
13. Data destruction: complete physical destruction of the data carrier that contains the data;
14. Third party: any natural or legal person, or organisation without legal personality other than the data subject, the data controller or the data processor.

2. Details of the Data Controller

1. Provider’s name: BioTech USA Korlátolt Felelősségű Társaság (hereinafter referred to as Provider)
2. Provider’s registered seat: 2111 Szada, Ipari Park út 10.
3. Mailing address: 1033 Budapest, Kiscsikós köz 11.
4. Representative/Head of Webshop: Bálint Lévai, CEO
5. Company Registration Number: 13-09-173512
6. Tax Registration Number: 25114681-2-13
7. Authorisation Number: ...
8. Ministry of Economy and Transport, Licensing and Administrative Office, Internal Trade and Tourism Department (1024 Budapest Margit krt. 85.)
9. Data processing registration number: NAIH-83774/2015. Link, NAIH-98228/2016. Link, NAIH-98227/2016. Link
10. Name of registering authority: National Authority for Data Protection and Freedom of Information (NAIH)
11. Provider’s customer services email address: ...
12. Provider’s phone number of the : ...

3. The scope of personal data, purpose, legal grounds and duration of data processing

In accordance with Article 5 Paragraph (1) a) of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter referred to as the “Privacy Act”), the data processing of Provider is performed with the voluntary consent of User and in compliance with Act CVIII of 2001 on certain aspects of electronic commerce and information society services.

Provider does not check the provided personal data or the validity thereof. The data providing person, User or Contracting Party is solely responsible for the appropriateness of the provided data. When providing an email address, all Users undertake responsibility that they are they exclusively use provided email address. For this reason, any liability for logins related to an email address shall be borne exclusively by the User who provided the email address.

3.1. Technical data of Visitors to the Website, cookies

Anonymous visitor identifiers (cookies) are files or pieces of information stored on your computer (or other devices capable of connecting to the Internet, such as your smartphone or tablet) when you visit a BioTechUSA site. A cookie usually includes the name of the Website, its origin and “lifespan” (i.e. how long it will remain on your device) and its value, which is usually a randomly generated, unique number.

We use cookies to enable better future personalisation on BioTechUSA websites and offer you BioTechUSA products in line with your interests and needs, thus to make it easier for you to use our Websites. Cookies make your future interactions on BioTechUSA sites faster and improve your browsing experience. Cookies can also be used to create anonymous, aggregated statistics, so that we can better understand how people use our sites in order to improve their structures and contents. We cannot personally identify you using this information.

Two types of cookies are used on BioTechUSA websites: session cookies and persistent cookies. Session cookies are temporary, i.e. they only stay on your device until you are browsing a BioTechUSA website. Persistent cookies remain on your device for much longer, possibly until you manually delete them.

Some websites also collect information using pixel tags, which can be shared with a third party. This directly supports our promotional activities and the development of our websites. For example, the information on how visitors use our websites can be shared with advertisement agencies in order more efficiently use online advertisements on our websites. Such information does not make personal identification possible, even if it is linked to personal data.

Cookies used on BioTechUSA websites

Controlling and deleting cookies

In default, most Internet browsers accept cookies. You can change these settings in order to block cookies or ask for notifications when cookies are set up on your device. There are several ways to manage cookies. Please check your browser information or the help page if you need more information on browser settings and their modifications.
Disabling cookies used may affect your experience while browsing on BioTechUSA websites. For example, you may not be able to visit certain parts of the BioTechUSA website or you may not receive personalised information while browsing a BioTechUSA site.
If you use several different devices (e.g. computer, smartphone, tablet etc.) for visiting and using BioTechUSA websites, make sure that all of the browsers used on these devices are set up to meet your needs.

Analysing log files

Analysing log files provides a lot of useful information for the service providers. In the log files servers record data on requests sent by visitors, including the dynamic IP address of the computer, the browser type, the address of the requested website etc. This information is not suitable for personal identification. Such data is used for to analyse trends, prepare site statistics, do administration of the services and analyse the “movement” of visitors, which all help us improve the standards of our services. The series of data thus retrieved is suitable for personal identification; however, we do not connect them to information collected from other sources.

3.2. Shop registration

During registration the Provider requests the following data:

Under “Personal and Profile Data”

• Name
• Email address
• Mobile phone number
• Date of birth (not required)

Under “Delivery address”

• City
• Postcode
• Street, number
• Country

Gender of the User (this field is not required)

Such data is processed by the Provider to identify users and orders, as well as to deliver orders. The email address is also necessary for the confirmation of orders and to keep in touch with User. In addition, it is also possible to enter data for a billing address. Such information is necessary for delivery, billing and communication.

The login password is automatically generated and sent via email. The password can be changed after logging in to the Website, under the “Personal Data” Section. Personal data can be changed under the “Personal Data” Section.

Such data is deleted upon User request or after five idle years.

The above provisions do not concern data storage obligations specified by law (e.g. in the accounting law), nor the processing of data provided during registration on the website or based on consents given in any other way.

Users may request the deletion of their data in an email sent to [email protected]. In the event of a request for deletion of data, the deletion shall take place within 5 days following the receipt thereof.

3.3. Newsletter

You can subscribe to an electronic newsletter – usually sent weekly – in the “Personal data” Section and on other interfaces that are occasionally made available by the Provider.

To unsubscribe from the newsletters, click on the link on the bottom of the messages and go to the “Personal Data” Section in the webshop.

3.4. Forum

Only registered users can write comments in the forum. In order to register, you have to select a username and password, and provide an email address.

Such data is necessary to identify users and distinguish them from other users. The email address is required for communication purposes.

Users can enter a public email address, their date of birth, upload an image, create a personal signature, provide a link to their own website, specify their profession, hobbies, residence, contact information (ICQ number), as well as data related to working out (willingness to train, biceps size, bench press weight, favourite exercise etc.). It is optional to make data provided here available for other registered users. Such data facilitates communication between users and help them get to know each other.

The provisions under Section 3.6. of this Statement are applicable also for the use of the forum.

The provided personal data can be modified under the “Personal Data” Section.

The deletion of the provided data can be requested in an email sent to [email protected]. Provider deletes such data upon request or after five idle years.

3.5. Contact

If you have any questions or problems related to our services, contact the Provider at any of the contact details specified under Section 2.

Provider shall delete all incoming messages, together with the name, email address and other, voluntarily provided personal data of the sender within 90 days following the resolution of the case.

3.6. Sharing content and information

Provider does not assume liability for any content provided by Users and only stored by the Provider. This applies particularly to publishing documents that contain personal data (e.g. portrait image, audio) or other data processing operations related to them, in which case the prior consent of User is required.

Obtaining the consent is the duty of the User who publishes the content in question. Provider waivers any liability related to the legality or authenticity of the contents (e.g. images and personal ad, respectively) published by Users in the course of receiving the Provider’s services.

If any User deletes their user profile, the contents published by them are also deleted.

4. Data processing

It is first and foremost Provider and their internal employees are entitled to be familiar with the data, and they may not publish or make them available to third parties.

Provider may engage data processors (e.g. system operators or accountants) in the process.

In order to improve user experience and prepare internal statistics, Provider transfers data to the following data processors:

• Google Inc.,
  1600 Amphitheatre Parkway,
  Mountain View,
  CA 94043,
  +1 650 253 0000
  • Provider transfers data regarding the events related to Website visits (clicks; page views; time of purchase, purchased items and their prices), as well as User’s email address to Google. Such data has an important role in improving the services of the Website, preparing statistical data and personalising the marketing campaigns of Provider.
  • Facebook Ireland Ltd.,
    4 Grand Canal Square,
    Grand Canal Harbour,
    Dublin 2 Ireland
    • Provider transfers data regarding events related to Website visits (clicks; page views; time of purchase, purchased items and their prices), as well as User’s email address to Facebook. Such data has an important role in improving the services of the Website, preparing statistical data and personalising the marketing campaigns of Provider.
    • Hotjar Ltd, Level 2
      St Julians Business Centre,
      3, Elia Zammit Street,
      St Julians STJ 1000, Malta, Europe
      +1 855 464 6788
      david[at]hotjar[dot]com
      • Provider transfers data regarding events related to Website visits (clicks; page views; mouse movements), to Hotjar. Such data has an important role in improving the services of the Website and preparing statistical data.

• BENHAUER Sp. z o.o.

21 Grzegórzecka

St. 31-532 Cracow
KRS 0000395626
ph. +48 531 756 629
Email: [email protected]

• Provider transfers personal data (name, email address, phone number, age, name and price of purchased items) and other, non-personal data (fields of interest) to SALESmango. Such data is transferred in order to improve user experience and make personalised offers.
• Wanadis Kft.
  1112 Budapest, Budaörsi út 153.
  Tax Registration Number: HU14020362
  Tel.: +36 1 246 0757
  Fax: +36 1 248 0678
  Email: kalman.tamas (at) maileon.hu
  • Provider transfers personal data (name, email address, phone number, age, name and price of purchased items) and other, non-personal data (fields of interests) to Maileon. Such data is transferred in order to improve user experience and make personalised offers.

The data processors store the transferred personal data for a period of time specified in their own data protection policy. For further information, please click on the name of the Data Processor and see its Privacy Statement.

The data processors only process the transferred personal data in accordance with the instructions of the Provider, they do not process data for their own purposes.

If an order is placed, Provider transfers the name, address, delivery address and phone number provided by User along with the order details to the following data processors:

• GLS courier company

5. The storing of personal data, security of data processing

Personal data related to the website is mainly processed by BioTechUSA Kft. Its servers are located in the registered office of the company and in the data park of Mongouse Computer Kft. (1117 Budapest, Budafoki út 183.) Provider stores the data on a dedicated server that are guarded 24/7.

Provider ensures the security of data processing with technical, organisational and systemic measures that provide a level of protection corresponding to the risks related to data processing.

The IT system and network of Provider is protected against computer-assisted fraud, spying, sabotage, vandalism, fire and floods, as well as against computer viruses, hacks and denial-of-service (DoS) attacks. Provider ensures the security of the data with server-level and application-level security procedures.

Regardless of protocol (email, web, ftp etc.), electronic messages forwarded on the Internet are vulnerable against network threats that lead to fraudulent activity, the contesting of a contract or disclosure or modification of information. Provider makes every reasonable effort for the protection against such threats. It provides surveillance for the systems in order to record every security anomaly and have proof in the event of any security related event. The surveillance of the system enables Provider to check the efficiency of the applied security measures as well.

6. User rights, judicial remedies

6.1. The right to Information

User is entitled to request information on their personal data processed by the Provider in mail, or in an email sent to [email protected].

Upon User’s request, Provider shall provide information on the data relating to the User that is processed by the Provider, on the purpose, legal grounds and duration of the data processing, as well as recipients of such data along with the purpose thereof. Provider shall provide the requested information in writing within 25 days following the receipt of the request.

User may contact the employees of the Provider regarding any questions or comments related to the data processing, at the contact information specified below.

6.2. User may request the deletion, correction or blocking of their data

User is entitled to request the correction or deletion of their data recorded incorrectly using the contact details specified below. Provider shall delete the data within 5 days following the receipt of the request, and in this case, they cannot be recovered later. The deletion does not concern the data processing required by legislation (e.g. by accounting law), as Provider will retain such data for the required time period.

User may also request the blocking of their data. Provider shall block personal data if User requests it, or if it can be presumed – based on the available information – that their deletion would violate User’s legitimate interests. Such blocked personal data may only be processed until the purpose of data processing that excluded their deletion persists.

The User and all persons to whom data have been sent for the purposes of data processing shall be informed about the correction, blocking and deletion of the data. Their notification may be omitted if it does not prejudice the legitimate interests of User regarding the purpose of data processing.

If Provider fails to fulfil User’s request for correction, blocking or deletion, it shall inform User in writing about the factual and legal grounds for refusing to fulfil the request for correction, blocking or deletion, within 25 days following the receipt of the request.

6.3. User may object to the processing of their personal data

User may object to the processing of their personal data. Provider shall examine the objection within the shortest time period possible, but no later than within 15 days following the filing of the request it shall make a decision on whether the objection was grounded, and it shall inform the applicant about the decision in writing.

User may exercise this right by sending their objection to any of the contact information specified under Section 2.

6.4. Means of judicial remedy in accordance with the Privacy Act and Act V of 2013 on the Civil Code

If providing information is refused, or the request for correction, deletion or blocking is rejected, User may refer to the National Authority for Data Protection and Freedom of Information.

If User disagrees with the decision on their objection to the processing of their personal data, or if Provider fails to comply with the time limit, User may refer to a court within 30 days following the receipt of the notification on the decision or following the expiry of the deadline.

National Authority for Data Protection and Freedom of Information (NAIH)

1125 Budapest, Szilágyi Erzsébet fasor 22/c.

http://naih.hu

If User provided the data of a third party to receive the service, or caused any damage in the course of using the Website, Provider is entitled to receive compensation from User. In such cases, Provider shall do their best to help the acting authorities establish the identity of the infringer.

7. Miscellaneous provisions on data processing

We hereby inform Users that the court, the prosecutor and the investigating authority may contact Provider in order to request information, data, transfer of data or supply of documents (Article 71 of Act XIX of 1998 on Criminal Proceedings). Provider shall only transfer personal data to the extent required by the request, if the authority has specified the exact purpose and the scope of the requested data.

Provider reserves the right to unilaterally modify this Privacy Statement, following prior notification of the Users (by notification on the Website). By using the Website following the modification of the Privacy Statement User consents to the changed content thereof.

This Privacy Statement takes effect on 15 October 2015.

BioTechUSA Kft.