PRIVACY NOTICE ON COOKIE PROCESSING ACTIVITIES
Details of the Controller
Name: BioTech USA Korlátolt Felelősségű Társaság
Registered seat: H-1033 Budapest, Huszti út 60, Hungary
Company registration number: 01-09-352550
Tax number: 25114681-2-44
Registered by: Court of Registration of the Metropolitan Court of Budapest
Postal address: H-1033 Budapest, Huszti út 60, Hungary
Electronic mailing address: info@dieta.hu
Phone number: +36 1 453 2716
III. Details of the Controller’s Data Protection Officer
Postal address: H-1301 Budapest, Pf. 30., Hungary
Electronic mailing address: dpo.btu@dnui.hu
Phone number: +36 1 788 3035
The Controller’s processing activities performed on both the https://shop.biotechusa.com and the https://biotechusa.com website
- A) Cookies
Anonymous visitor identifiers (cookies) are files or pieces of information stored on your computer (or other internet-compatible devices such as smartphones or tablets) when you visit one of our websites. A cookie generally contains the name of the website where it came from, its own “lifetime” (i.e. how long it will remain on your device) and its value that is usually a randomly generated unique number.
We use cookies so that we can better customise our websites and offer you products matching your interests and needs, thereby making it easier for you to use our websites. Cookies help accelerate your future activities and improve your user experience on our websites. Cookies are also suitable for preparing anonymous aggregated statistics, helping us understand how people use our websites so that we can improve their structure and content.
As for their duration, there are so-called session cookies or persistent cookies. Session cookies are temporary, that is, they remain on your device only until you are browsing our website. Persistent cookies remain on your device for much longer; they may stay up to the point when you delete them manually.
Pixel tags are used by other sites to collect information that can be disclosed to third parties. This directly supports our promotional activities and website development. For example, the information on website usage by our visitors can be shared with marketing agencies so that we can use online advertisements on our website more efficiently.
Most internet browsers accept cookies by default. You can change the settings to disable cookies and/or request a notification on cookies being stored on your device. There are several ways to manage cookies. Please check your browser information or the help menu if you want to learn more about browser settings and how to change them.
If you disable the cookies we use, this may affect your experience while browsing our websites. For example, you may not be able to visit certain parts of the BioTechUSA website or you may not receive personalised information while browsing a BioTechUSA site.
If you use different devices (e.g. computer, smartphone, tablet etc.) for visiting and using BioTechUSA websites, make sure that all browsers on such devices are set to meet your cookie preferences.
Cookies used on our website can be categorised as follows:
Essential
These cookies help making the website suitable for use by providing fundamental functions such as site navigation. The website cannot properly operate without these cookies, and so it is mandatory to accept them.
Legal basis for processing: The Controller’s legitimate interest as per Article 6(1)(f) of the GDPR, relating to the appropriate operation of the website.
Purpose of processing: The appropriate and secure operation of the website’s functions.
Duration of processing: Until the date individually specified in the Cookie Policy.
Preferences
These cookies allow the website to remember information (such as the language used or the region) that change the website’s behaviour or appearance. Accepting these cookies is optional.
Legal basis for processing: The website user’s consent as per Article 6(1)(a) of the GDPR.
Purpose of processing: To facilitate the use of the website.
Duration of processing: Until consent is withdrawn, but no later than the date individually specified in the Cookie Policy.
Marketing
These cookies are used to monitor website visitors. The aim is to display advertisements that are relevant and interesting for the given visitor, and therefore are more valuable for the displaying party and third-party advertisers. Accepting these cookies is optional.
Legal basis for processing: The website user’s consent as per Article 6(1)(a) of the GDPR.
Purpose of processing: To display advertisements for website visitors that are relevant and of interest to the given website visitor.
Duration of processing: Until consent is withdrawn, but no later than the date individually specified in the Cookie Policy.
Other
The categorisation of these cookies with the help of their individual providers is underway. Accepting these cookies is optional.
Legal basis for processing: The website user’s consent as per Article 6(1)(a) of the GDPR.
Purpose of processing: Helps website visitors access relevant information through the optimal operation of website functions.
Duration of processing: Until consent is withdrawn, but no later than the date individually specified in the Cookie Policy.
Recipients:
The Controller’s staff and the Processors involved in the operation of cookies.
See the Cookie Policy for detailed information on the cookies used on the websites.
Upon your first visit to the website, a window pops up at the bottom of the screen with the Cookie Policy. It contains a description of the individual cookies used on the website, their function and duration.
You can allow cookies by clicking the “Accept all cookies” button. By clicking the “Cookie settings” button, the cookies stored by the individual groups (categories) can be allowed or disabled.
Cookies can be abled or disabled by groups (categories), and the operation of the relevant cookies can be confirmed by clicking the “Accept” button.
If new cookies are used on the website, they need to be accepted and allowed. In such a case, the window at the bottom of the screen pops up again and highlights the groups of cookies where there has been a change. New cookie(s) can be accepted in the manner described above.
Previously accepted cookies can, of course, be checked and changed at any time. Click here to review cookies: Cookie settings.
Where a cookie also stores personal data, its description contains a notice to that effect.
The company Emarsys eMarketing Systems GmbH (address: Märzstrasse 1, 1150 Vienna, Austria) participates in the processing of the data collected by the cookies in its capacity as data processor.
- B) Profiling
Profiling means any form of automated processing of personal data evaluating the personal aspects relating to a natural person, in particular to analyse or predict aspects concerning the data subject's personal preferences or interests, location or movements.
With the help of profiling, the Service Provider can send you targeted, customised offers and messages based on your previous orders and online behaviour.
The Service Provider can obtain data necessary for profiling through the following activities:
- completion of the profile diversification questionnaire: name, email, date of birth, sex, purpose (what is your goal with using food supplement products? e.g. getting ripped, diet, bulking up).
- online shop purchase: purchase data (what, when, for how much, from where, payment method).
- browsing the website, behaviour: website use (the page visited is a product page, category page, cart content, search).
On the basis of purchase and behaviour information and by using artificial intelligence, Emarsys eMarketing Systems GmbH identifies data concerning the user based on which the Service Provider can create segments suitable for running personalised campaigns.
Personal data processed: a) collected from the data subject: name, email, city, postcode, date of birth, phone number, sex, purchase data, IP address (used for registration); b) derived data collected other than from the data subject: (based on prediction or machine learning algorithm): favourite products, favourite categories, date and duration of last website visit; c) in addition, there are other data which the Service Provider can filter and use for creating segments: email interactions (opening/clicking/affinity for email categories, device and city of clicking/opening), user’s purchase life cycle, customer status (based on spending), average spending.
Purpose of processing: sending targeted, personalised offers and messages.
Legal basis of processing: the consent of the data subject as per Article 6(1)(a) of the GDPR. The data processor uses marketing cookies for profiling; therefore, when accepting the Cookie Policy, the consent to or disagreement with profiling can be expressed by granting or refusing to grant the consent to the use of marketing cookies.
Duration of processing: until the withdrawal of the data subject’s consent. In order to ensure that the data are not kept longer than necessary, the data controller will erase the personal data after 3 years from the date of such consent even if consent is not withdrawn.
Recipients: as data processors, Emarsys eMarketing Systems GmbH (address: Märzstrasse 1, 1150 Vienna, Austria) and Antavo Ltd. (registered seat: 9th floor, 107 Cheapside, London EC2V 6DN, United Kingdom; company registration number: 8046168; tax number: GB137725793; website: https://www.antavo.com/)
- C) Remarketing
Remarketing allows the Service Provider to display advertisements for persons who have visited its website earlier or have provided their email address.
Personal data processed: email address, purchase data.
Purpose of processing: displaying advertisements for Website users on Facebook and Google.
Legal basis of processing: the Service Provider’s legitimate interest as per Article 6(1)(f) of the GDPR (direct marketing). The Service Provider obtains the user’s email address when the user subscribes to the newsletter, based on the subscriber’s consent. This means that the Data Controller is processing the provided email address also for a purpose (remarketing) other than the purpose of data collection (delivery of newsletters).
Duration of processing: the data subject shall have the right to object at any time to processing of personal data concerning him or her for such remarketing purposes. Should the user withdraw his or her consent given to the delivery of newsletters (which he or she may do at any time), the user’s data will not be processed for remarketing purposes either. In order to ensure that the data are not kept longer than necessary, the data controller will erase the personal data after 3 years from the date of last opening a newsletter even if no objection or the withdrawal of consent is submitted.
Recipients: Emarsys eMarketing Systems GmbH as data processor (address: Märzstrasse 1, 1150 Vienna, Austria), that, based on the Service Provider’s instructions, transfers the advertisement to be displayed, along with the email addresses, to Facebook Ireland Ltd. (address: 4 Grand Canal square, Grand Canal Harbour, D2 Dublin, Ireland; Facebook Ads) and to Google Inc. (address: 1600 Amphitheatre Pkwy, Mountain View, California 94043, USA) (Google AdWords), which are also data processors and display the advertisement for their registered users whose email address kept on record with them is included in the list received from Emarsys.
- D) Other
The Data Controller’s online marketing activity is also coordinated by a contracted service provider who, in the context of its activity, has access to the personal data stored and processed by the Data Controller, but who only processes such data for the purpose they were collected and in compliance with data processing and privacy regulations: CoffeeBreak Consulting Kft. (registered seat: H-2030 Érd, Technikus utca 78; company registration number: 13 09 189915, tax number: 26166124-2-13, email: hello@thecoffeebreak.hu).
Information on processing not listed herein will be provided the relevant data is recorded.
Please note that the courts, prosecution services, investigating authorities, the authorities dealing with administrative offences, administrative authorities, the Hungarian National Authority for Data Protection and Freedom of Information or other bodies authorised by law may contact the Data Controller for information, disclosure or transfer of data, or the provision of documents.
Provided that the requesting authority has specified the exact purpose of use and the scope of the data, the Data Controller will only disclose those personal data to the requesting authority and only to such extent that is indispensable for the implementation of the purpose of the request.
Disabling, deleting cookies
You have the option to restrict or clear cookies in your browser. The method used may vary depending on the browser you are using, and is accessible in the browser settings or in the Help menu.
Detailed information regarding cookie settings of various browsers is available at the following links:
For Internet Explorer: Delete and manage cookies (microsoft.com)
For Microsoft Edge: Delete cookies in Microsoft Edge
For Chrome: Clear, enable and manage cookies in Chrome - Android - Google Chrome Help
For Firefox: Clearing cookies placed by websites from the computer | Firefox Help (mozilla.org)
For Safari: Manage cookies and site data in Safari on Mac - Apple Support
Rights of Website visitors and users related to processing
Pursuant to effective legal regulations, you, as data subject, are entitled to exercise the following rights, however, please note that the distinctive technical features of cookies may impact the exercise of such rights. Accordingly, we recommend that you take advantage of the options detailed in the previous Section of this Notice.
Please note that in the event of data processing based on your consent, you have the right to withdraw your consent at any time. The withdrawal will not affect the lawfulness of processing performed before the withdrawal of such consent.
Please note that you have the right to object at any time to processing of personal data concerning you which is based on the Data Controller’s or a third party’s legitimate interests.
You may request information free of charge on the details of processing of your personal data, you may request the rectification, erasure, restriction of processing of your data, and may object to the processing of such personal data. Such requests can be submitted using the Data Controller’s contact details specified in Section II above.
The Data Controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient (data processor) to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We will provide you with information on such recipients upon your request.
The Data Controller shall provide information on actions taken on a request as per sub-sections (a)-(f) below without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The Data Controller shall provide information on any such extension within one month of receipt of the request, together with the reasons for the delay.
Where you make the request by electronic means, the information shall be provided by the Data Controller by electronic means where possible, unless you request otherwise.
If the Data Controller does not take action on your request, it shall inform you without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
- a) Right of access:you shall have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access the personal data and the following information: the purpose of processing, the categories of personal data concerned, data processors, duration of processing and, where the personal data are not collected from you, any available information as to their source.
- b) Right to rectification:you shall have the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed.
- c) Right to erasure(“right to be forgotten”): you shall have the right to obtain from the Data Controller the erasure of personal data concerning you without undue delay and the Data Controller shall have the obligation to erase personal data without undue delay where the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw your consent on which the processing is based and there is no other legal ground for the processing; you object to processing; the personal data have been unlawfully processed; the personal data have to be erased for compliance with a legal obligation in EU or Member State law to which the Data Controller is subject.
Where the Data Controller has made the personal data public and is obliged to erase the personal data, the Data Controller shall take reasonable steps to inform data controllers which are processing the personal data that you have requested the erasure by such data controllers of any links to, or copy or replication of, the personal data.
- d) Right to object:you shall have the right to object at any time to processing of personal data concerning you which is based on the Data Controller’s legitimate interests. In such a case, the Data Controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
- e) Right to restriction of processing:you shall have the right to obtain from the Data Controller restriction of processing where you contest the accuracy of the personal data; the processing is unlawful; the Data Controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; you have objected to processing. Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU or of a Member State.
- f) Right to data portability:where the processing is based on consent or contract or serves the performance of a contract, and is carried out by automated means, you shall have the right to receive the personal data concerning you, which you have provided, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Data Controller.
Method of storing personal data, security of processing
The Data Controller’s servers are operated, and maintained in the event of any arising problems, by companies employed for this purpose.
Details of the data processor company: Mongouse Kft. (address: H-1117 Budapest, Budafoki út 183)
Details of the data processor company: Servergarden Kft. (address: H-1023 Budapest, Lajos utca 28-32)
Details of the data processor company: Rackforest Zrt. (address: H-1132 Budapest, Victor Hugo utca 11.)
The Data Controller uses a server service, which is operated, and maintained in the event of any arising problems, by another company employed for this purpose: JLM PowerLine Kft. (address: H-2111 Szada, Ipari park út 12-14).
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Data Controller shall implement appropriate technical and organisational measures to ensure a level of data security appropriate to the risk.
The Data Controller implements appropriate measures to protect the data in particular from unauthorised access, alteration, transfer, disclosure to the public, erasure or destruction, accidental destruction and compromise, as well as from becoming inaccessible due to changes in the technology applied.
The Data Controller’s IT system and network are protected against computer-assisted fraud, spying, sabotage, vandalism, fire and flood, computer viruses, hacking and denial-of-service attacks. The Data Controller has server-level and application-level protection mechanisms in place to provide for security.
Electronic messages forwarded through the internet, irrespective of protocol (email, web, ftp, etc.) are vulnerable to network threats which may lead to unfair activities, challenging the contract, or the disclosure or alteration of information. The Data Controller will take all reasonable precautions to provide protection against such threats. It monitors its systems so that any security discrepancies can be logged and that it has evidence in case of security incidents. In addition, system monitoring also allows for the efficiency of the precautions applied to be verified.
The Data Controller documents any personal data breaches, if any, comprising the facts relating to the personal data breach, its effects and the remedial action taken.
Lodging complaints
If you believe that the processing of personal data concerning you infringes on the legal provisions regarding data protection, you have the right to turn to court or lodge a complaint with the supervisory authority against the Data Controller.
Supervisory authority: Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság)
registered office: H-1055 Budapest, Falk Miksa utca 9-11.
postal address: H-1363 Budapest, Pf.: 9
phone: (+36 1) 391-1400
fax: (+36 1) 391-1410
email: ugyfelszolgalat@naih.hu
website: https://naih.hu/
Effective from: as of 10.07.2021
Dated: 24 May 2018
BioTech USA Kft.