1. INTRODUCTION
CafeAlcalino (hereinafter: Service Provider, Data Controller) hereby commits to complying with the following Policy. In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR), we hereby make the following notification. This Privacy Policy governs the data management practices of the following website: www.cafealcalino.com. The Privacy Policy is available at: https://www.cafealcalino.com. This Policy has been drafted based on the GDPR and relevant Hungarian legislation. Changes to the Policy take effect from the time of their publication at the above web address.
1.1 The Data Controller and its contact details:
Name: CafeAlcalino
Base: 128 City Rd, London EC1V 2NX, United Kingdom
E-mail: info@cafealcalino.com
1.2 Contact details of the Data Protection Officer:
E-mail: info@cafealcalino.com
Telephone: +306976111906, 07552500638
2. Principles governing the processing of personal data
Personal data:
- are lawfully and legitimately processed in a transparent manner in relation to the data subject (“lawfulness, objectivity and transparency”);
- are collected for specified, explicit and lawful purposes and are not further processed in a manner incompatible with those purposes; further processing for archiving purposes in the public interest or for scientific or historical research or statistical purposes is not considered incompatible with the original purposes in accordance with Article 89(1) (“purpose limitation”);
- are appropriate, relevant and limited to what is necessary for the purposes for which they are processed (“data minimization”);
- are accurate and, where necessary, updated; all reasonable steps must be taken to promptly delete or correct personal data that is inaccurate in relation to the purposes of the processing (“accuracy”);
- are kept in a form that allows the identification of the data subjects only for the period necessary for the purposes of the processing of the personal data; the personal data may be stored for longer periods, as long as the personal data will be processed only for the purposes of archiving in the public interest, for the purposes of scientific or historical research or for statistical purposes, in accordance with Article 89 paragraph 1, and as long as the appropriate technical and organizational measures required by this regulation are applied to ensure the rights and freedoms of the data subject (“restriction of storage period”);
- are processed in a way that guarantees the appropriate security of personal data, including their protection against unauthorized or unlawful processing and accidental loss, destruction or deterioration, using appropriate technical or organizational measures (“integrity and confidentiality”).
The controller bears responsibility for, and is able to demonstrate, compliance with paragraph 1 (“accountability”).
The Controller declares that its data processing practices are in accordance with the principles set out in this section.
3. Special cases of data processing
- Registration and membership
- Contact
- Newsletter, DM activity
- Complaint handling
We hereby inform you that the provision of personal data is based on a legal obligation. The processing of personal data is a prerequisite for signing the contract. You are obliged to declare your personal data so that we can handle your complaint. In case of failure to declare the data, we will not be able to handle your complaint.
4. Beneficiaries to whom the personal information must be disclosed
“Recipient”: natural or legal person, public authority, agency or other entity, to whom the personal data is disclosed, regardless of whether it is a third party or not.
5. Handling of cookies
The cookies used in online stores are called “cookies for the management of password-protected work”, “cookies necessary for the shopping cart”, “protection cookies”, “necessary cookies”, “functional cookies” and “cookies for management of website statistics”; prior consent of the data subject is not required for their use.
Facts of data collection, the data processed: individual identification number, dates, times.
Parties concerned: all parties visiting the website.
The purpose of data processing: user identification, “shopping cart” registration and visitor tracking.
Data processing time period, deadline for data deletion:
6. Use of Google and Facebook services
Use of Google AdWords conversion tracking
Use of Google Analytics
Facebook pixel
Social networking sites
7. Customer relations and other data management
If, while using the services of the controller, questions arise or the person concerned has a problem, he/she can contact the controller through the contacts listed on the website (telephone, e-mail, social networking sites, etc.). No more than 2 years after publication, the data controller will delete the received e-mails, messages, and data received by telephone or via Facebook, etc., together with the name, e-mail address and other voluntarily declared data of the interested party. For data processing that is not mentioned in this notice, information will be given when the data is recorded. In response to exceptional requests from the Authorities or, based on legal authorization, at the request of other bodies, the Service Provider will provide information, publish data, transmit data and make documents available to them. In these cases, the Service Provider will disclose personal data to the requester only to the extent that is absolutely necessary for the purpose of the request, as long as he/she states the exact purpose and object of the data.
8. Rights of the interested party
You have the right to be informed by the controller as to whether your personal data is being processed and, if so, you have the right to access the personal data and the information referred to in this notice.
You have the right to demand, upon request, from the controller without undue delay the correction of inaccurate personal data concerning you. Bearing in mind the purposes of the processing, you have the right to request the completion of incomplete personal data, including through a supplementary statement.
You have the right to ask the controller to delete personal data concerning you, and the controller is obliged to delete personal data without undue delay under certain conditions. If the controller has made the personal data public and is required to delete the personal data, the controller, taking into account the available technology and implementation costs, takes reasonable measures, including technical measures, to inform the controllers processing the personal data that the data subject has requested the deletion by these controllers of any links to that data or copies or reproductions of said personal data.
You have the right to request the controller to restrict the processing when one of the following applies:
- you question the accuracy of the personal data, for a period of time that allows the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject objects to the erasure of the personal data and requests, instead, the restriction of its use;
- the controller no longer needs the personal data for the purposes of the processing, but these data are required by the data subject for the establishment, exercise or support of legal claims;
- you have objections to the processing, pending verification of whether the legitimate reasons of the controller prevail over those of the data subject.
You have the right to receive your personal data in a structured, commonly used and machine-readable format, as well as the right to transmit said data to another controller without objection from the controller to whom the personal data was provided.
In case the data processing is based on legitimate interests or official authority as a legal basis, you have the right to object, for reasons related to your particular situation, at any time to the processing of personal data concerning you, including profiling under the provisions in question. As long as your personal data is processed for direct marketing, you have the right to object at any time to the processing of personal data concerning you, including profiling, as long as it is related to direct marketing. If you object to the processing of personal data for the purpose of direct marketing, your personal data will no longer be able to be processed for the above reason.
You have the right not to be subject to a decision made solely on the basis of automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar way. The previous paragraph does not apply when the decision:
- is necessary for the conclusion or the performance of a contract between the data subject and the data controller;
- is permitted by Union law or the law of a Member State to which the controller is subject and which also provides for appropriate measures to protect the rights, freedoms and legitimate interests of the data subject; or
- is based on your express consent.
9. Deadline for actions
The data controller will inform you, without undue delay and within 1 month of receipt of the application, of the measures taken for the above applications. If deemed necessary, this deadline can be extended for 2 months. The data controller will inform you of the extension of the deadline, stating the reason for the delay, within 1 month of receiving the application. If the controller fails to take action following your request, he or she will inform you without delay, and no later than 1 month after receiving the request, about the reasons for his or her inaction and whether you can lodge a complaint with the supervisory authority and ask for his/her treatment.
10. Security of data processing
The controller and the processor, taking into account the latest developments, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risks of different probability of occurrence and severity to the rights and freedoms of natural persons, implement appropriate technical and organizational measures in order to ensure the appropriate level of security against risks, including, among others, as appropriate:
- the pseudonymization and encryption of personal data;
- the ability to ensure the confidentiality, integrity, availability and reliability of processing systems and services on an ongoing basis;
- the possibility of restoring the availability of and access to personal data in a timely manner in the event of a physical or technical event;
- a process for the regular testing, assessment and evaluation of the effectiveness of the technical and organizational measures for ensuring the security of the processing.
11. Notification of a personal data breach to the data subject
When the personal data breach may put the rights and freedoms of natural persons at high risk, the controller shall notify the data subject of the personal data breach without undue delay. The information given to the data subject must be clear and easy to understand. It must disclose the nature of the breach and the name and contact details of the Data Protection Officer or anyone else who can provide additional information, and it must describe the possible effects of the breach and the measures taken or planned to be taken by the controller to remedy the problem, including, where appropriate, measures to mitigate the possible adverse effects of the breach.
Notification to the data subject is not required if any of the following conditions are met:
- the controller has implemented appropriate technical and organizational protection measures, and these measures have been applied to the personal data affected by the breach, in particular measures that make the personal data unintelligible to those who do not have permission to access them, such as encryption;
- the controller has subsequently taken measures that ensure that the above high risk to the rights and freedoms of data subjects is no longer likely to occur.
In this case, a public announcement is made instead or there is a similar measure by which the data subjects are informed in an equally effective way. If the controller has not already communicated the personal data breach to the data subject, the supervisory authority may, having considered the possibility of a high risk arising from the personal data breach, ask the controller to do so.
12. Notification of a personal data breach to the supervisory authority
The personal data breach must be notified to the supervisory authority in accordance with Article 55 without undue delay and, if possible, within 72 hours of becoming aware of the fact unless the personal data breach is unlikely to cause a risk to the rights and freedoms of natural persons. Where notification to the supervisory authority is not made within 72 hours, it shall be accompanied by a justification for the delay.
Possibility of filing a complaint
You can submit a complaint about a possible violation of the controller to the National Authority for Data and Information Protection: