PRIVACY POLICY

 

Raw Foods Kft. (hereinafter: Data Controller) publishes through this notice the rules governing the processing of personal data collected during in-person meetings, via the website (https://www.rawfoods.hu/, https://lavita-vegan.com/), by e-mail, telephone, orders and other forms of contact, as well as the data protection and data management principles applied.

 

1.    Details of the Data Controller

The Data Controller is Raw Foods Korlátolt Felelősségű Társaság
Registered address: 1037 Budapest, Kanász utca 14. fszt. 1.

Company registration number: 01-09-297022

Tax number: 25932418-2-41

Phone: +36 30 782 92 77

E-mail: info@rawfoods.hu
Represented by: János Juhász, Managing Director

 

2.    Categories of data processed and legal basis for processing

 

a.    When visiting the website

 

Our website can be visited without registration. When you visit our website, data may be collected using cookies. By clicking accept, visitors can agree to the use of cookies that cannot identify individuals, as described in this notice.

You can manage and/or delete cookies at your discretion. For more information, please visit www.aboutcookies.org. You can delete all cookies stored on your computer and disable their installation in most browsers. In that case, you may need to manually adjust certain settings each time you visit a page, and some services and features may not work.

 

b.    When subscribing to the newsletter

 

On our website, you can subscribe to our newsletter by providing your full name and e-mail address. We will send you marketing communications through this service. The legal basis for processing your personal data (full name, e-mail address) is your voluntary consent. You may withdraw your consent or unsubscribe at any time, in which case your personal data will be deleted.

 

c.     When using our services

 

If you wish to use our services, you may do so through our webshop (https://lavita-vegan.com/) by providing the following personal data:

· full name

· e-mail address

· phone number

· delivery address

The provision of this data is necessary for contact, ordering and fulfilment of services. The legal basis is the performance of a contract or pre-contractual measures (GDPR Art. 6(1)(b)).

 

d.    When making contact

 

When you contact us for any reason, we process the personal data you provide. The legal basis is your voluntary consent. You may withdraw your consent at any time, upon which your data will be immediately deleted, unless retention is required by law or for the assertion of legal claims.

 

3. Purpose and duration of data processing

 

a. Website use: Purpose is the smooth operation of the website and improvement of the user experience. Duration: you may delete cookies at any time.

 

b. Newsletter subscription: Purpose is marketing contact and maintaining communication with you. Duration: until you request deletion or withdraw your consent.

 

c. Use of services: Purpose is to prepare and fulfil your order. Duration: if a contract is concluded, as per the contract; otherwise, 30 days from the last contact.

 

d. Existing contract: Purpose is contract performance and the assertion of related claims. Duration: for the duration of the legal relationship and applicable limitation periods. Invoice data is retained for 8 years in accordance with accounting law.

 

e. Contact: Purpose is to answer your enquiries. Duration: until you withdraw your consent.

 

4. Persons entitled to access personal data

Personal data may be accessed by the Data Controller, its employees, the data processors engaged by it and its business partners, in accordance with applicable law. The list of data processors is contained in Annex 1, which forms an integral part of this notice.

The Data Controller reserves the right to involve additional data processors in the future, of which it will inform data subjects by amending this notice.

 

5. Location of data processing

The registered address and branch office of the company.

 

6. Data transfers

A data transfer is the passing on or making available of data to a third party (neither the company nor the data subject). All data transfers must be preceded by a check that the legal basis exists. A record must be kept of every data transfer. Where required by law, data may be transferred to authorised authorities or courts. The Data Controller does not transfer data to third countries beyond what is stated in this notice.

 

8. Rights of data subjects

You have the following rights:

- Access: You may request information on whether your data is being processed and obtain a copy free of charge.

- Rectification: You may request the correction of inaccurate data or completion of incomplete data.

- Erasure (right to be forgotten): You may request deletion when data is no longer necessary, consent is withdrawn, processing is unlawful, or other grounds under GDPR apply.

- Restriction: You may request restriction of processing in certain circumstances.

- Data portability: You may receive your data in a structured, commonly used, machine-readable format and transfer it to another controller.

- Objection: You may object to processing based on legitimate interests or for direct marketing purposes.

Requests should be sent to info@rawfoods.hu or by post to Raw Foods Korlátolt Felelősségű Társaság, 1037 Budapest, Kanász utca 14. fszt. 1. The Data Controller will respond within one month.

 

9. Data Protection Impact Assessment

Where a type of processing is likely to result in a high risk to the rights and freedoms of natural persons, the Data Controller will carry out a data protection impact assessment prior to the processing.

 

10. Data security

The Data Controller is committed to ensuring the security of data and will take all necessary technical and organisational measures to protect data from destruction, unauthorised use or modification. Only the Data Controller and its employees and engaged processors may access the data. While we use state-of-the-art security tools, complete data security on the internet cannot be guaranteed.

 

11. Handling and reporting of data breaches

A personal data breach is any event resulting in the unlawful processing of personal data, including unauthorised or accidental access, alteration, disclosure, deletion, loss or destruction. The Data Controller will notify the National Authority for Data Protection and Freedom of Information (NAIH) without undue delay and within 72 hours of becoming aware of a breach, unless it is unlikely to result in a risk to individuals' rights and freedoms.

 

12. Legal remedies

The Data Controller does its best to ensure lawful data processing. If you believe we have failed to do so, please write to info@rawfoods.hu or by post to Raw Foods Korlátolt Felelősségű Társaság, 1037 Budapest, Kanász utca 14. fszt. 1.

You may also lodge a complaint with:

National Authority for Data Protection and Freedom of Information (NAIH) – 1125 Budapest, Szilágyi Erzsébet fasor 22/C., ugyfelszolgalat@naih.hu, www.naih.hu

or the competent court.

 

13. Other provisions

This notice is governed by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information.

 

Annex 1 – List of Data Processors

Rackhost Zrt., 6722 Szeged, Tisza Lajos körút 41, Hungary. – Technical hosting of the Raw Foods website

Room Six e.U., 1100 Wien, Canettistraße 1/305, Austria – Website development and operation