Information about the data management on the website of Calendula Pharma Co.Ltd. www.calendulapharma.com and the General Terms and Conditions for its business partners

1:
Calendula Pharma Co.Ltd., 3, Darázsi u., 8653 Ádánd, Hungary, carries out its data management activities in accordance with the provisions of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information / Info tv. The purpose of the information is to inform visitors to the Company’s websites about the data processed by the Company on the website and to provide them with information about the
other activities related to data processing. The terms used in this notice are the same as those defined in the Info Act.

2. Definitions:
– data subject: any specified natural person who is identified or can be identified, directly or indirectly, on the basis of personal data.
– personal data: data that can be associated with the data subject, in particular the name, the identifier of the data subject and one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of the data subject, and the inference that can be drawn from it regarding the data subject.
– special categories of data: data concerning racial or ethnic origin, national or ethnic minorities, political opinions, political opinions, party political opinions, religious or philosophical beliefs, party membership, health, pathological conditions, sexual life
– data set: the set of data managed in a register system
– ‘criminal personal data’ means personal data relating to a criminal offence or criminal proceedings, generated in the course of or prior to criminal proceedings, by bodies competent to prosecute or investigate criminal offences, and by law enforcement bodies, which can be associated with the data subjects, and personal data relating to criminal records
– consent: a voluntary and explicit indication of the data subject’s wishes, based on adequate information, by which he or she gives his or her unambiguous agreement to the processing of personal data relating to him or her
processing of personal data concerning him or her, in whole or in part.
– objection: a statement by the data subject objecting to the processing of his or her personal data and requesting the cessation of the processing or the erasure of the processed data.
– controller: the natural or legal person or unincorporated body which, alone or jointly with others, determines the purposes for which the data are processed, takes decisions regarding the processing (including the means used) and implements them or has them implemented by a processor on its behalf.
– ‘processing’ means any operation or set of operations which is performed upon data, regardless of the method used, in particular collection, recording, recording, organisation, storage, alteration, use, consultation, disclosure, transmission, alignment or combination, blocking, erasure and destruction, and prevention of further use of the data.
– data onward transfer: the making available of data to a specified third party.
– disclosure: making the data available to any person.
– erasure: rendering data unrecognisable in such a way that it is no longer possible to retrieve it.
– data marking: the marking of data with an identification mark to distinguish it.
– data blocking: the marking of data with an identification mark for the purpose of limiting their further processing permanently or for a limited period of time.
– data destruction: the total physical destruction of a data medium containing data.
– processing of data: the performance of technical tasks related to data processing operations, irrespective of the methods and means used to perform the operations and the place of application, provided that the technical task is performed on the data.
– ‘processor’ means a natural or legal person or an unincorporated body which carries out the processing of data on the basis of a contract, including a contract concluded pursuant to a legal provision, with the controller.
– ‘data filing system’ means any structured, functionally or geographically centralised, decentralised or dispersed set of personal data accessible on the basis of specified criteria
– data breach: unlawful processing or processing of personal data, unauthorised access, disclosure, transmission, deletion, alteration or destruction
– third party: a natural or legal person or an unincorporated body other than the data subject, the controller or the processor.

– third country: any State other than an EEA State.

Liaising with customers:
Purpose of processing:
By providing a login facility on the Company’s website, the Company provides prospective partners with the opportunity to establish direct contact with the Company’s designated contact employees. The Data Controller will not transfer the personal data concerned to third parties or companies for the purposes of direct marketing and direct marketing. The use of the data is subject to the acceptance of a privacy statement.

Scope of the data processed:

Name / Company name / Telephone number, email address
Legal basis for data processing. The processing of partners’ data is considered customer data and is therefore not registered with the data protection authority.

Duration of data processing:

Until the withdrawal of the consent of the partner.
Newsletter sending rules:
Purpose of processing:
The data controller sends newsletters to its partners with the aim of providing individual discounts to natural persons or legal entities, personalised offers and direct information on current offers and promotions. The Data Controller does not transfer the personal data concerned to third parties or companies for the purposes of direct marketing and direct marketing. The sending of newsletters requires acceptance of a privacy statement.

Scope of the data processed:

– For natural persons: name, email address.
– For legal persons: name, registered office, tax number, email address
Legal basis for data processing.

Duration of data processing:

Until the withdrawal of the partner’s declaration of consent

Declaration on data processing for online payment by credit card

I agree that Calendula Pharma Co. Ltd. (Registered office: 8653 Ádánd, Darázsi utca 3.) stored in the user database of https://calendulapharmacy.com/hu/ to BIG FISH Payment Services Ltd. (Registered office: 1066 Budapest, Nyugati tér 1-2.) as data processor. The scope of the transmitted data: name-first name, surname, first name, IP address, billing address, delivery address, telephone number, e-mail address, last four digits of the credit card number. Purpose of the data transfer: to carry out the data communication necessary for payment transactions between the merchant and the payment service provider’s system, to ensure the traceability of transactions for the merchant’s partners.

Remedies:

The person concerned may, after prior appointment, receive information about the processing of his/her data, and request the rectification, erasure or blocking of his/her personal data, from Monday to Friday, 8 am to 4 pm, without audio recording. The controller shall investigate the complaint and provide written information within the shortest possible time from the date of the request, but not later than 15 days. If the personal data recorded by the controller is inaccurate, the controller shall amend it if accurate personal data is available. The controller shall delete the personal data if:
– if the processing is unlawful
– it is incomplete or incorrect and this situation cannot be lawfully remedied
– the data subject requests it
– the purpose of the processing has ceased to exist or the period of retention of the data for which the data were collected has expired
– it has been ordered by a court or public authority
In the event of a breach of the data subject’s rights or in the event of a comment, the data subject may make a statement using the following contact details or contact the following authorities:
– Calendula Pharma Co. Ltd. 8653 Ádánd, Darázsi u. 3.
– 27 Markó u., 1055 10655, Budapest Municipal Court
– Kaposvár General Court Bajcsy-Zsilinszky u. 3, 7400
– National Authority for Data Protection and Freedom of Information: 1530 Budapest, Szilágyi Erzsébet fasor 22/C