Wellis Hungary Ltd. Privacy Notice
(Notice accessible on the landing page)
Wellis Hungary Plc. (headquarters: 1118 Budapest, Budaörsi út 31/C, Company Registration Number: 01-10-048882, Tax Number: 25584864-2-43, Phone Number: 29/564-380, Email: info@wellis.hu, represented independently by: Czafik Zsolt CEO, Data Protection Officer: Dr. Bölcskei Krisztián, info@adatvedelmiauditor.hu), as Data Controller, provides a summary about the data management practices performed.
Data Controller informs the esteemed parties concerned, that
- the Data Subject may exercise their rights
- the right to access (Data Subject is entitled to confirmation from Data Controller about whether their personal data is being processed, and in case data management is in process, Data Subject is entitled to access information regarding the circumstances of data management),
- the right to rectification (Data Subject is entitled to have any inaccurate data concerning them rectified without undue delay by Data Controller),
- the right to erasure and right „to be forgotten” (Data Subject is entitled to have personal data concerning them erased without undue delay by Data Controller, if the data management is without purpose or other legal basis, in case of objections or no overriding legitimate reason for data management, or in case data was processed unlawfully in the first place, furthermore if the data must be erased to fulfil legal obligations),
- the right to lock / restriction of data (Data Subject is entitled to have the management of their data restricted by Data Controller on request, if any of the conditions stated in the GDPR is realised, and to not have their data operated in any other way than storage),
- the right to object (Data Subject is entitled to object at any time, on grounds relating to their own situation, to the management of their personal data under points (e) or (f) of Article nr. 6(1) of the GDPR),
- the right to data portability (Data Subject is entitled to obtain personal data concerning them and made available to Data Controller in a structured, widely used, machine readable format, furthermore Data Subject is entitled to forward this data to another data controller, without being hindered by Data Controller to whom the personal data has been made available, if the legal conditions apply),
by sending a statement to the info@wellis.hu email address, or other contacts provided by Data Controller.
In case Data Subject considers their rights have been infringed, He may file a complaint to the competent authorities or the court according to their residence and claim damages, among others. Data Controller informs the Data Subjects that their exercising of rights in connection with data management may have conditions or limitations, which factors shall be assessed by Data Controller in the event of the Data Subject’s exercising of rights, as it is mandatory. In case Data Subject cannot exercise a right in connection with given data management, Data Controller shall inform Data Subject in writing (including electronic ways) about the causes which exclude / limit the exercising of rights and keep a record on the matter.
- Data Controller shall take appropriate technical and organisational measures to ensure a level of data security appropriate to the risk, taking into consideration the costs of implementation, the nature, scope, context and purposes of data management, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
- Within the scope of their tasks regarding IT protection, Data Controller shall ensure in particular:
- denying unauthorised persons to access the equipment used for data management (hereinafter: data management system)
- prevention of unauthorised reading, copying, modification or deletion of the data carriers,
- prevention of unauthorised input of personal data into the data management system, furthermore the unauthorised reading, modification or deletion of the personal data stored therein,
- prevention of the use of data management systems by unauthorised persons, using data transmission equipment,
- that the persons authorised to access the data management system may access only the personal data specified in the access permission,
- the possibility to verify and establish to which recipient personal data is forwarded or may be forwarded, as well as made available by the use of a data transmission equipment.
- the possibility of retrospective verification and establishment of what personal data has been entered into the data management system, as well as when and by whom.
- prevention of unauthorised reading, copying, modification or deletion of personal data during their forwarding or transportation of the data carrier.
- the recovery of the data management system in the event of a system breakdown.
- that the data management system is functional, errors during its functioning are recorded, and that the stored personal data cannot be modified by system malfunction.
- A detailed explanation of different types of data management processes is available at the headquarters, and Data Controller shall send it on request.
- Profiling does not take place during any of the data management processes.
- Data communication to a third party may happen in respect of data management, specified in the detailed data management notice and in the event of data communication during data management specified below in connection with the managed data, the recipient of the communication (Data Controller or Data Processor) shall be specified in a separate annex.
- The Cookie Notice has been prepared separately.
- The following summary contains all data management of Data Controller, except for the ones that regard only the Colleagues of Data Controller or internal operations.
| Summary table of data management for delivery | ||||||
| Purpose | Legal Basis | Data Subjects | Data Category | Period | Mode | Source |
| fulfilment of the agreement: on-time delivery of the goods / products to the specified address, and contact in order to fulfil the agreement | conclusion of agreement (Article 6 (1b) of the GDPR) or legitimate interest (if Data Subject is a representative / contact person) | Any natural persons, including those acting in the name of or representing an organisation, who order a delivery service from Data Controller | See the Data Management Notice for details | in limitation period | electronic, paper-based, manually | Data Subject |
| Summary table of data management related to permission notices | ||||||
| Purpose | Legal Basis | Data Subjects | Data Category | Period | Mode | Source |
| To prove legal basis of data management, as well as fulfilment of permission, and contact. | Voluntary permission | All natural persons who give a permission notice to Data Controller, consenting to the management of their data for any purpose. | See the Data Management Notice for details. | until the withdrawal / cancellation of permission the deletion of permission notices takes place after the end of the limitation period | electronically and/or paper-based, manually | Data Subject |
| Summary table of data management related to pictures, video and audio recordings of Data Subject, recorded with permission of Data Subject | ||||||
| Purpose | Legal Basis | Data Subjects | Data Category | Period | Mode | Source |
| purpose specified in Data Subjects permission | Voluntary permission | all natural persons who give prior consent to be the subject of a picture, video and/or audio recording | See the Data Management Notice for details. | until deletion at Data Subject’s request | is done electronically and/or paper-based, manually | Data Subject |
Cookie Notice
Data Controller (Wellis Hungary Plc., headquarters: 1118 Budapest, Budaörsi út 31/C., email address: info@wellis.hu, phone: 29/564-380) With regard to Section 4 (155) of the Electronic Communications Act of 2003, according to which „Data may only be stored or accessed on the electronic communication device of a subscriber or user, on the basis of consent of the user in concern, preceded by a clear and complete information, including the purpose of data management”, provides the following information in relation to the analytical tools, i.e. cookies used by them.
Data Controller uses the following cookies, whose purpose is specified as follows:
Strictly Necessary Cookies
These types of cookies are indispensable for the adequate functioning of our website. Without consenting to these cookies, the Data Controller cannot guarantee the adequate functioning of the website as expected, nor the accessibility of all information searched for by the user.
These cookies do not collect personal data from Data Subject or any data that may be used for marketing reasons.
Strictly Necessary Cookies are for example the Performance Cookies, which collect information about whether the website functions adequately, or any malfunctions. By signalling any potential malfunctions, they help Data Controller in perfecting the website and signal which parts of the website are most popular.
Functional Cookies
These cookies ensure the consistence of the website tailored to the Data Subjects needs, and remember the settings chosen by Data Subject (such as colour, font size, layout).
Targeting Cookies
Targeting Cookies ensure that the advertisements displayed on the website are based on topics that interest the Data Subject. The advertisements displayed on the website are primarily related to services and products offered by Data Controller and serve to facilitate Data Subject’s access to more favourable offers.
Third-party Cookies
It is possible that cookies provided by a third party – for example a social media site – may be displayed on the website, which allows to share or like certain content, and which may send information to a third party for later use such as displaying similar advertisement on other websites for Data Subject.
Cookies also help improve the ergonomics of the website, in the creation of a user-friendly website, to enhance online user experience.
Analytics, Facebook pixel
Data Controller embeds JavaScript code into the web page (or any of its subpages) using a so-called Facebook pixel (formerly a conversion tracking pixel) tool that sends a message to Facebook when a user visits the page or performs an action there. On the one hand, this helps understand the return on advertising costs of Data Controller, while on the other hand it facilitates the display of advertisements to users whose conversion is more likely outside Facebook. Facebook pixel does not collect, store or forward personal data. About the use and functioning of Facebook pixel, further information can be found on www.facebook.com.
Facebook remarketing
Data Controller embeds a set of codes into the web page (or any of its subpages), the purpose of which is displaying Data Controller’s advertisements on Facebook to the user who previously visited the website. The Facebook remarketing code does not collect, store or forward personal data. About the use and functioning of the Facebook remarketing code, further information can be found on www.facebook.com.
Google Adwords remarketing
Data Controller embeds a set of codes into the web page (or any of its subpages), the purpose of which to make available Data Controller’s advertisements to the user who previously visited the website, when browsing websites of the Google Display Network and searching terms related to Data Controller or the services of Data Controller in Google’s system. This set of codes does not collect, store or forward personal data. About the use and functioning of the set of codes, further information can be found on http://support.google.com.
According to this, Data Controller does not use the analytical tools to collect personal data.
Data Controller informs the users that most internet browsers automatically accept cookies, but visitors have the possibility to delete or automatically reject them.
All browsers are different; the user can set their cookie preferences individually with the help of the browser’s settings.
Data Controller informs the users that in case they decide not to accept the cookies, some features of the website might not work.