PRIVACY POLICY

Privacy Policy
Kivirágzik Virágüzlet és Virágküldő Szolgálat Private Company (hereinafter: Kivirágzik E.c.) (last modified: 24/04/2020)


PURPOSE AND SCOPE OF THE INFORMATION


The purpose of this data management prospectus (hereinafter: the “Prospectus”) is to define Kivirágzik Ec (registered office: 1055 Budapest Bajcsy Zsiliszky út 76. company registration number: 01-11-004698 tax number: 24807636-1-41) as a data controller and service provider (hereinafter: : “Service Provider”, “Data Controller”) and to ensure that the constitutional principles of data protection, the right to information self-determination and data security requirements are enforced, and that everyone has their own personal data within the framework of legal regulations. prevent unauthorized access, alteration of data and unauthorized disclosure. In addition, this Prospectus serves as an information to those concerned to present the data management practices of the Data Controller.
(2) The scope of the Prospectus covers the processing of personal and special data at all organizational units of the Data Controller.
The Budapest Flower webshop (hereinafter: Webshop) is part of the websites available under the domain name www.budapestflower.hu and www.budapestflower.com (hereinafter: Website), which are considered to be the Data Controller's own websites.
The Data Controller acknowledges that the content of this legal notice on data management in the framework of its activities is binding on it. The Data Controller reserves the right to amend this Privacy Policy (hereinafter: “Information”). The Data Controller shall publish the current version of the Prospectus on its website. The Data Controller handles personal data confidentially and securely and makes the necessary improvements and modifications as the legal and technical possibilities change.
By using the Website, the User accepts the contents of the Prospectus at the same time, therefore please read this Prospectus carefully before using the Website.
The User gives his / her consent for the use of the Website, registration or voluntary provision of the data in question for each data processing.


DEFINITIONS


"Personal data" means any information relating to an individual (identified or identifiable natural person); identifies a natural person who, directly or indirectly, in particular by reference to an identifier such as name, number, location, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identified;
"Processing" means any operation or set of operations on personal data or files, whether automated or non-automated, such as collecting, recording, organizing, sorting, storing, transforming or altering, retrieving, accessing, using, transmitting, distributing or otherwise transmitting harmonization, interconnection, restriction, deletion and destruction;
"Controller" means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data;
"Transfer of data" means making the data available to a specified third party;
"User" means a visitor to the Website; or the person with consumer status who registers, places an order and has an account;
"Consent" means the voluntary, specific and well-informed and unambiguous expression of the will of the data subject, by which he or she indicates his or her consent to the processing of personal data concerning him or her by means of a statement or unambiguous statement of confirmation;
"Data processing" means the performance of technical tasks related to data processing operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;
"Processor" means any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
"Data protection incident" means a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data which have been transmitted, stored or otherwise handled;
"Profiling" means any form of automated processing of personal data in which personal data are assessed in order to assess certain personal characteristics of a natural person, in particular his performance, economic situation, state of health, personal preferences, interests, reliability, behavior, location or movement; used to analyze or predict related characteristics;
"Service" means the fulfillment and delivery of orders for products, such as flowers, chocolates, plush, available on the Webshop available on the website.
"Third party" means any natural or legal person, public authority or agency or any other body which is not the same as the User, the controller, the processor or the persons authorized to process personal data under the direct control of the controller or processor; they got;
"Website": www.budapestflower.hu


DATA CONTACT DETAILS, CONTACT DETAILS

The company name: Kivirágzik Virágüzlet és Virágküldő Szolgálat
Address: Budapest, 1055 Bajcsy Zsilinszky út. 76.  
Head office and mailing address: 1141 Bp. Vezér u. 44th
The company tax number is 24807636-1-42
Company registration number: 01-11-004698

www.budapestflower.hu 
email: budapestflower@budapestflower.hu
Phone: +36-1-798-0802

Account number: CIB 10700581-68381987-51100005
IBAN: HU89107005816838198750000005
Bank name and address: CIB Bank Ltd. H-1148 Bp. Örs Vezér tér 24.
Swift Code: CIBHHUHB


PRINCIPLES OF DATA MANAGEMENT, RANGE OF DATA MANAGED


The Data Controller collects and processes personal data legally and fairly, and in a manner that is transparent to the User.
The Data Controller collects and processes personal data only for a specific, clear and lawful purpose.
The personal data processed by the Data Controller are appropriate and relevant to the purposes of the data processing and are limited to what is necessary in terms of their extent and duration.
Only persons over the age of 18 are allowed to register on the website and the User is responsible for ensuring that his / her activities comply with the provisions of this Prospectus. The service provider will make every effort to filter out the processing of personal data of persons under the age of 18.
If the informant does not provide his / her own personal data, the informant is obliged to obtain the User's consent.


DETAILS OF WEBSITE VISITORS


The scope of personal data managed: identification number, date and time of the visit, IP address of the user's computer at the time of the visit.
The purposes of data management are to use the website, to check the operation of the services during the visit to the website, to provide personalized service and to prevent abuse.
Legal basis for data processing: voluntary consent of the User or Article 6 (1) (a) of the GDPR; the Elker. TV. 13 / A. § (3).
The range of Users: visitors to the Website.

 

REGISTRATION


The scope of personal data managed: name, e-mail address (it is not necessary to contain personal data), password, telephone number, date and time of registration, IP address of the user's computer at the time of registration, date of last login.
The purposes of data management: identification of the User, secure access to the user account, communication, performance of technical operations.
The legal basis for the data processing is the voluntary consent of the User and Article 6 (1) (a) and Article 8 (1) of the GDPR.
The range of Users: all Users registered on the Website.
Duration of data management, deadline for deleting data: lasts until the User's request for deletion. Deleting the registration will immediately delete the personal data. Pursuant to Article 19 of the GDPR, the data controller shall inform the User electronically of the deletion of any personal data provided by the User. If the User's deletion request also covers the e-mail address provided by the User, the Data Controller will also delete the e-mail address after the notification.
The identity of the potential data controllers entitled to access the data, the recipients of the personal data: the personal data may be processed by the authorized employees of the data controller on the basis of the provisions of this Prospectus.
We inform you that
data management is based on your voluntary consent;
is required to provide personal information so that we can register;
failure to provide data will result in the inability to create the user account.
In order to make the shopping process faster and more convenient, it is also possible to buy without registration in the Webshop.


DATA PROCESSING RELATED TO ONLINE SHOPPING


Scope of personal data managed: name, e-mail address (does not need to contain personal data), telephone number, billing data (name, country, postal code, town, street, house number), recipient's name, address, recipient's phone number, recipient's email address, credit card details, date of purchase, IP address at time of purchase.
The purposes of data management: identification of the User, contacting, keeping in touch, completing the purchase, issuing a regular invoice, confirmation, more efficient coordination of issues related to purchasing and invoicing, validating claims, performing technical operations.
Legal basis for data processing: data processing is necessary for the performance of the contract in accordance with Article 6 (1) (b) of the GDPR and Elker tv. 13 / A. § (3).
The range of Users: all customers are Users.
Duration of data management, deadline for deleting data: data related to the performance of an electronically concluded contract are used for the benefit of the contract and are deleted or destroyed upon its termination or after the expiry of the deadline specified by law.
Pursuant to Section 169 (1) of the Accounting Act, accounting documents and supporting documents must be kept for 8 years.
The identity of the potential data controllers entitled to access the data, the recipients of the personal data: the personal data may be processed by the employees of the data controller.
We inform you that
the provision of personal data is essential for the conclusion of an electronic contract in order for us to fulfill your order;
failure to provide information will result in the inability to process your order.


CUSTOMER CORRESPONDENCE


If you have any questions during the use of our services, you can contact the Data Controller via the contact details provided in this Prospectus or on the website, as well as through the Chat window.
The Data Controller deletes all messages received by him, together with the sender's name, e-mail address, date, time data and other personal data provided in the message, no later than 2 years after the communication.


DATA PROCESSORS USED


The Data Controller is entitled to use a data processor to perform its activities.
After 24/04/2020, the Data Processors shall record the personal data transferred to them by the Data Controllers and processed or processed by them in accordance with the provisions prescribed by the GDPR. processed and made a statement to the Data Controllers.
In the field of IT system operation, fulfillment of purchases / orders, settlement of settlements, marketing activities, the Data Controller uses the following Data Processors:


Hosting provider
1. Activity performed by data processor: hosting service
2. Name and contact details of the data processor:
Name: C-Host Kft.
Headquarters: 1115 Budapest, Halmi utca 29.
Web: www.nethely.hu
3. Scope of managed data: all personal data provided by the User.
4. The range of Users: all Users who use the services of the Website or who have registered / placed an order on the Website.
5. The purpose of data management: to make the Website available and to operate it properly. / Storage Service /
6. Duration of data management, deadline for deleting data: it lasts until the termination of the agreement between the Data Controller and the Hosting Provider, or until the User's request for deletion to the Hosting Provider.
7. The legal basis of the data processing: the User's consent or, in accordance with Article 6 (1) (a) of the GDPR, and the Elkertv. 13 / A. § (3).


Transport
1. Name and contact details of data processors:
Name: Postcar Futár Kft.
Head office: 1161 Budapest, Bács utca 34.
Web: www.postcar.hu
Name: Anemone Brigid Kft.
Headquarters: 1055 Bp. Nyugati Tér 6.
2. Activity performed by data processor: delivery of products.
3. The fact of data management, the scope of the managed data: delivery name, delivery address, telephone number, e-mail address.
4. Stakeholders: those requesting and receiving home delivery.
5. The purpose of data management: home delivery of the ordered product.
6. Duration of data management, deadline for deleting data: it lasts until the delivery to the house.
7. Legal basis for data processing: performance of contract, Article 6 (1) (b) GDPR.


Online payment
1. Name and contact details of data processors:
Braintreegateway.com
Web: https://www.braintreegateway.com/
PayPal
Web: www.paypal.com
2. Activity performed by data processor: Online payment
3. The fact of data management, the scope of the managed data: billing name, billing address, e-mail address.
4. The range of Users: all Users requesting online payment.
5. The purpose of data management is to monitor online transactions, confirm transactions and monitor abuses to protect users.
6. Duration of data management, deadline for deleting data: it lasts until the online payment is made.
7. Legal basis for data processing: performance of contract, Article 6 (1) (b) GDPR.


Administrator service
1. Name and contact details of the data processor:
Name: Wix.com Ltd
Web: www.wix.com
2. Activity performed by data processor: system administrator service (inspection, technical update, security system development, other developments, repair tasks).
3. The fact of data management, the scope of the managed data: all personal data provided by the User.
4. The range of Users: all Users using the services of the Website or registered / placing an order on the Website.
5. Purpose of data management: Administrator service (improvements, checks, bug fixes).
6. Duration of data management, deadline for deleting data: it lasts until the termination of the agreement between the Data Controller and the data processor recorded in this section, or until the Service Provider's cancellation request to the data processor recorded in this section.
7. The legal basis of the data processing: the User's consent, Article 6 (1) a) of the GDPR and the Elkertv. 13 / A. § (3).


Invoicing
1. Name and contact details of the data processor:
Name: KBOSS.hu Kft.
Headquarters: 1031 Budapest, Záhony utca 7.
Web: www.szamlazz.hu
2. Activity performed by the data processor: invoicing.
3. The fact of data management, the scope of the managed data: name, billing name, billing address.

4. The range of Users: all Users who place an order on the Website.

5. Purpose of data management: issuing an invoice.

6. Duration of data processing, deadline for deletion of data: Pursuant to Section 169 (2) of Act C of 2000 on Accounting.

7. The legal basis of the data processing: the User's consent, Article 6 (1) a) and the Elkertv. 13 / A. § (3).


TECHNICAL DATA, COOKIE MANAGEMENT


With the help of cookies, Blossom EC does not collect or store personally identifiable information. Thus, these cookies cannot identify you personally.
The data of the User's login computer, which are generated during the use of the service and which are recorded by the Service Provider's system as an automatic result of the technical processes, especially the date and time of the visit, the IP address of the User's computer and browser type.
The data that is automatically recorded is automatically logged at the time of entry or exit without any separate statement or action by the User. This data may not be linked to other personal user data, except in cases required by law. Only the Data Controller has access to the data.

In order to provide customized service, the Data Controller and the designated external service providers will use a small file containing a string on the User's computer, the so-called a cookie is placed and read back. If the browser returns a previously saved cookie, the cookie service provider has the option to link the data saved by the User during the current visits with the previous ones, but only with regard to its own content. Use the following cookie:


Security cookies;
Session cookie: they are automatically deleted after the User's visit. These cookies are used to make the Service Provider's Website more efficient and secure, so they are essential for certain functions of the Website or certain applications to function properly;
Persistent cookies: these are stored in the browser's cookie file for a longer period of time. The duration of this depends on the setting used by the User in his / her Internet browser.
Some of these cookies are used to make the Service Provider's Website more efficient and secure, they are essential for certain functions of the Website or certain applications to work properly. While other cookies have been placed for a better user experience (e.g. to provide optimized navigation).
The "Help" or "Settings" function in the menu bar of most browsers provides information on whether the User's own browser
how to disable cookies
how to accept new cookies
how to instruct your browser to set a new cookie, or
how to turn off other cookies.
External servers help to independently measure and audit the website traffic and other web analytics data (Google Analytics, Facebook Analytics). Information on the handling of measurement data is provided in the service regulations. Contact: www.google.com/analytics/; https://analytics.facebook.com/.
If the User does not want external service providers to measure the above data in the manner and for the purpose described, install the add-on that blocks this in their browser.


METHOD OF DATA MANAGEMENT


The Data Controller stores the data provided by the User for a specific purpose.
The purpose of the automatically recorded data is the production of statistics, the technical development of the Website, and the protection of the User's rights. The statistical summary may not contain any other data suitable for the identification of the affected User in any form, thus it does not qualify as data management or data transmission.
The Service Provider does not check the personal data provided to him. The person who provided the data is solely responsible for the accuracy of the information provided. When providing the e-mail address of any User, he / she is also responsible for ensuring that only he / she uses the service from the provided e-mail address. In view of this liability, all liability in connection with logins to a given e-mail address rests solely with the User who registered the e-mail address.
The Data Controller does not or may not use the personal data provided for purposes other than those specified in this Prospectus. The Data Controller does not transfer the personal data managed by it to third parties other than the Data Processors specified in this Prospectus.
The release of personal data to third parties or authorities is not possible, unless otherwise required by law, with the prior express consent of the User. In all cases where the Data Controller intends to use the provided data for a purpose other than the purpose of the original data collection, he / she shall inform the User thereof and obtain his / her prior express consent, or provide him / her with an opportunity to prohibit the use.
Should the User have any questions or problems while using the services of the Data Controller, he / she may contact the Data Controller at the contact details provided on the website.
The User may contact the Service Provider's employee with any questions or remarks related to data management via known contact details. The Data Controller deletes the e-mails received by him, together with the sender's name, e-mail address and other personal data provided in the message, no later than 2 years after the communication.
The Data Controller shall provide information on data processing not listed in this Prospectus upon recording the data.
Upon exceptional official request, or in case of requesting other bodies based on the authorization of legislation, the Data Controller is obliged to provide information, communicate and transfer data, or make documents available. In such cases, the Data Controller shall provide the requester with personal data only to the extent and to the extent strictly necessary for the realization of the purpose of the request, provided that it has indicated the exact purpose and scope of the data.


EMBEDDED CONTENT


Embedded content from other websites
Entries available on the Website may use embedded content (eg videos, images, articles, etc.) from an external source. Embedded content from an external source behaves exactly as if we had visited another website. These sites may collect visitor data, use cookies or third-party tracking code, and monitor user behavior related to embedded content if we have a user account and are logged in to the site.

USER RIGHTS


1. Right of access
User is entitled to receive feedback from the Data Controller as to whether the processing of his / her personal data is in progress, and if such data processing is in progress, he / she is entitled to have access to the personal data and information listed in the Regulation.
2. Right to rectification
User may request that the Data Controller correct inaccurate personal data about the User without undue delay. Taking into account the purpose of data management, the User may request the completion of incomplete personal data.
3. Right of cancellation
The User may request that the Data Controller delete the personal data processed on the basis of his / her consent without undue delay under the conditions specified in the Decree.
4. The right to be forgotten
If the Data Controller has disclosed the personal data and is obliged to delete it, taking into account the available technology and the cost of implementation, it shall take reasonable steps, including technical measures, to inform the data controllers that the User has requested such personal data. deleting links or copies or duplicates of such personal data.
5. Right to restrict data processing
The User may request that, at his request, the Data Controller restrict the data processing if the conditions specified in Article 18 (1) of the GDPR are met.
6. The right to data portability
The User is entitled to receive the personal data concerning him / her made available to the Data Controller in a structured, widely used, machine - readable format, and is also entitled to transfer this data to another data controller.
7. Right to protest
You have the right to object to the processing of your personal data, including profiling, at any time.
Request for information
The User is entitled to request information from the Data Controller regarding the handling of his / her personal data at any time. The User can initiate access to, deletion, modification or restriction of the processing of personal data, portability of data, protest against data processing in the following ways:
- by post at 1055 Budapest Bajcsy Zsilinszky út 76.
- by e-mail to budapestflower@budapesflower.hu.


Deadline for action
The Data Controller shall, without undue delay, but not later than within 30 days from the receipt of the request, inform the User in writing of the measures taken following the above requests.
If necessary, it can be extended by 30 days. The Data Controller shall inform the User about the extension of the deadline within 30 days from the receipt of the request, indicating the reasons for the delay.
If the Data Controller fails to take action at the request of the User, without delay, but no later than within one month from the receipt of the request, the factual and legal reasons for the rejection of the request, the reasons for non-action and the User may file a complaint or exercise its right of judicial review.


USER INFORMATION ABOUT THE PRIVACY INCIDENT


The Data Controller shall inform the User about the data protection incident without undue delay - in a clear and comprehensible manner, if the data protection incident is likely to pose a high risk to the rights and freedoms of the User (s).
The Data Controller describes the nature of the data protection incident in the information provided to the User, communicates the name and contact details of the contact person providing further information; describe the likely consequences of the data protection incident; describe the measures taken or planned to remedy the data protection incident, including, where appropriate, measures to mitigate any adverse consequences arising from the data protection incident.
The Data Controller is not obliged to inform the Users in case of fulfillment of any of the cases provided for in Article 34 (3) of the GDPR.


UNILATERAL CHANGEABILITY


Blossom Ec reserves the right to unilaterally amend this privacy statement


ENFORCEMENT OPTIONS


1. The User may contact the Data Controller with a remark regarding the handling of his personal data as follows:
- by post to 1055 Budapest Bajcsy Zsilinszky út 76.,
- by e-mail to budapestflower@budapestflower.hu,
2. Complaints against a possible breach of the data controller may be lodged with the National Data Protection and Freedom of Information Authority.


1125 Budapest, Szilágyi Erzsébet avenue 22 / C.
Mailing address: 1530 Budapest, Mailbox: 5.
Phone: +36 -1-391-1400
Fax: + 36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
Website: www.naih.hu


3. In case of violation of his rights, the User may take legal action against the Data Controller. The court is acting out of turn in the case.
4. If the User has provided third party data during the registration for the use of the service or caused damage in any way during the use of the Website, the Data Controller is entitled to enforce compensation against the User. In such a case, the Data Controller shall provide all possible assistance to the acting authorities in order to establish the identity of the infringer.


OTHER PROVISIONS


1. The Data Management System may collect data on the activity of the Users, which may not be combined with other data provided by the User during registration, or with data generated when using other websites or services.
2. The Data Controller undertakes to ensure the security of the data and to take technical measures to ensure that the data recorded, stored or processed are protected and to do everything possible to prevent their destruction, unauthorized use and unauthorized use. change. It also undertakes to call on any third party to whom the data may be transmitted or transferred to fulfill its obligations in this regard.
3. The controller declares that the cases provided for in Article 37 (1) of the GDPR do not apply and that no Data Protection Officer has been appointed.
The Data Controller pays attention to complying with the applicable data protection legislation and the established data protection authority practice during its data management. Its data management principles are in line with existing data protection legislation, in particular:
Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR);
CVIII of 2001 Act on Certain Issues of Electronic Commerce Services and Services Related to the Information Society (Elkertv.);
Act V of 2013 on the Civil Code (Civil Code);
Act C of 2003 on Electronic Communications;
XLVIII of 2008 Act on the Basic Conditions and Certain Restrictions of Economic Advertising (Grtv.).


RESPONSIBILITY
Kivirágzik Ec shall not be liable for any direct or indirect damages resulting from the use of the website. .

 

This Privacy Notice came into force on 10/04/2020.