Privacy Policy

Effective as of 17 May 2023

Click here to download, print and view the Contract. (link)

ILCSI is committed to protecting and safeguarding your personal data, and issues this Notice to provide information on the processing of your personal data. This Privacy Notice provides a summary of what personal data are processed and used by Ilcsi Beautifying Herbs Organic Skin Care Ltd. (Ilcsi SZÉPÍTŐ FÜVEK Biokozmetikai KFT) and/or ILCSI E-Commerce Ltd. (ILCSI E-kereskedelmi Kft.) as individual controllers (each a Controller, jointly ‘ILCSI’ or ‘Controllers’), and how; and how the Controllers protect such data in relation to your browsing of the website, purchases in the webshop and/or in an Ilcsi Beauty Salon store and the use of other services provided to you.

Furthermore, this Privacy Notice shall also apply to data processing in connection with the official Ilcsi Facebook, Instagram, Youtube social media platforms (www.hu-hu.facebook.com/ilcsibeautifyingherbshungary, www.instagram.com/ilcsi_official/?hl=hu, https://www.youtube.com/user/IlcsiOrganicSkincare). 

What are personal data? Personal data means any information or partial information relating to you as a natural person, on the basis of which you can be directly (e.g. based on your name) or indirectly (e.g. through a personal unique identifier) identified. Your personal data include details such as: your first name and surname, home address, email address or phone number. 

This Privacy Notice is provided pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).         

Click here to jump directly to the following topics:

CONTROLLERS’ NAME AND CONTACT DETAILS

DATA PROTECTION ADMINISTRATOR’S NAME AND CONTACT DETAILS

IF YOU ARE UNDER 18 YEARS OLD – INFORMATION FOR THOSE UNDER 18

THE CATEGORIES OF PERSONAL DATA PROCESSED, THE PURPOSE AND DURATION OF, AND THE LEGAL BASIS FOR PROCESSING

REGISTRATION

PROVISION OF A USER ACCOUNT, LOGIN TO THE USER ACCOUNT

PURCHASING PRODUCTS IN THE WEBSHOP

PLACING ORDERS OR SUBMITTING APPLICATIONS ON THE PROFESSIONAL PLATFORM OF THE WEBSITE

PAYMENT AND INVOICING, ISSUE OF ACCOUNTING DOCUMENT

CUSTOMER SERVICE, QUESTIONS RELATING TO THE PRODUCTS

COMPLAINT HANDLING

NEWSLETTER

DATA PROCESSING IN CONNECTION WITH TRAININGS AND EVENTS

DATA PROCESSING IN CONNECTION WITH CONFERENCES AND EVENTS

REPORTING ON EVENTS

DISPLAY OF ‘ILCSI BEAUTY SALONS’ ON THE WEBSITE

CUSTOMER SATISFACTION SURVEYS

STOCK MONITORING SERVICE

DATA PROCESSING IN RELATION TO OUR SOCIAL MEDIA ACCOUNTS

ENQUIRIES RELATING TO OUR PROCESSING OPERATIONS

FULFILMENT OF THE OBLIGATIONS IN RELATION TO PERSONAL DATA BREACHES

ENFORCEMENT OF LEGAL CLAIMS

BROWSING, COOKIES

CONSULTATION, SERVICE DEVELOPMENT, QUALITY ASSURANCE

CONTRACTUAL CONTACT PERSONS

LINKS TO OTHER WEBSITES

ACCESS TO DATA, DATA SECURITY MEASURES

DATA TRANSFER TO A THIRD COUNTRY

PROFILING

YOUR RIGHTS AND HOW TO ENFORCE THEM

CONTROLLERS’ NAME AND CONTACT DETAILS

Ilcsi Beautifying Herbs Organic Skin Care Ltd. (Ilcsi SZÉPÍTŐ FÜVEK Biokozmetikai KFT)

Registered office: H-1021 Budapest, Üdülő út 37, Hungary

Other registered place of business: H-1021 Budapest, Üdülő út 35. B. ép., Hungary

Company registration number: 01-09-698591

Tax number: 12688470-2-41

Intra-Community VAT: HU12688470

Registered and kept on record by: Company Registry Court of Budapest-Capital Regional Court (Hungary)

Email: info@ilcsi.com;

Website: www.ilcsi.com;

Social media platforms: www.hu-hu.facebook.com/ilcsibeautifyingherbshungary/ , www.instagram.com/ilcsi_official/?hl=hu, https://www.youtube.com/user/IlcsiOrganicSkincare.

ILCSI E-Commerce Ltd. (ILCSI E-kereskedelmi Kft.)

Registered office: H-1021 Budapest, Üdülő út 37, Hungary

Other registered place of business: H-1012 Budapest, Attila út 79. al. 1-3, Hungary

Company registration number: 01-09-288142

Tax number: 25770171-2-41

Intra-Community VAT: HU25770171

Registered and kept on record by: Company Registry Court of Budapest-Capital Regional Court (Hungary)

Email: in Hungarian: ugyfelszolgalat@ilcsi.com; in English: customercare@ilcsi.com

Please note that the above specified Controllers (Ilcsi Beautifying Herbs Organic Skin Care Ltd. and ILCSI E-Commerce Ltd.) form a group of undertakings, and so they may transmit certain personal data to each other for administrative purposes.

Please note that, for ease of comprehension, the identity of the controller acting as primary controller – i.e. the controller determining the purposes and means of processing, or being responsible for informing you and for answering your data processing enquiries – is also specifically indicated in the case of each data processing operation. If not otherwise specified in this Privacy Notice, the information shall apply regarding both companies. Where the Privacy Notice mentions a company group, this shall include the following companies: Ilcsi Beautifying Herbs Organic Skin Care Ltd. and ILCSI E-Commerce Ltd.

Regarding certain data processing operations, they jointly determine the purposes and means of processing. The essential provisions of the contract concluded between them can be summarised as follows: Both controllers process your data. The controller indicated at the specific processing operations is responsible for providing the information mentioned in Articles 13 and 14 of the GDPR. The controller indicated at the specific processing operations is responsible for responding to your enquiries sent regarding that specific processing operation. However, you may exercise your rights pursuant to the GDPR in respect of both controllers via the adatvedelem@ilcsi.com email address or the contact information indicated above. In respect of any damage caused by data processing, the above Controllers shall have joint and several liability for the entire damage to provide actual compensation.

Name, address and contact details of the hosting service provider: Google Cloud EMEA Limited (70 Sir John Rogerson’s Quay, Dublin 2, Ireland)  https://cloud.google.com/ https://cloud.google.com/contact

DATA PROTECTION ADMINISTRATOR’S NAME AND CONTACT DETAILS

In accordance with the provisions of the GDPR, the Controllers did not appoint a Data Protection Officer. However, if you have any question or comment in relation to the data processing operations of either company or wish to exercise your rights, you can do so at the following e-mail address:

e-mail: adatvedelem@ilcsi.com, or

by a postal letter to Ilcsi SZÉPÍTŐ FÜVEK Biokozmetikai KFT to H-1021 Budapest, Üdülő út 37., Hungary or ILCSI E-kereskedelmi Kft. to H-1021 Budapest, Üdülő út 37., Hungary.

AMENDMENT OF THE PRIVACY NOTICE

Ilcsi Beautifying Herbs Organic Skin Care Ltd. and ILCSI E-Commerce Ltd. reserve the right to unilaterally amend this Privacy Notice. If this Privacy Notice is amended, this fact will be specifically highlighted on the website. Any amendment to this Privacy Notice shall be effective as of the date of its publication on the website.

IF YOU ARE UNDER 18 YEARS OLD – INFORMATION FOR THOSE UNDER 18

Please note that you can only register on the website and/or create a retail or professional (beautician or beautician student) user account or purchase in the webshop individually if you are over 18 years. If you are under 18 years, ask one of your parents to help you use the website. If you are under 16 years old, then, before agreeing to cookies or subscribing to the newsletter, ask your parent to help you use these platforms and complete these platforms with the requested data together.

For parents: The website offers various services. Persons under the age of 18 may not register individually on the website or order products or services in the webshop. Therefore, in the case of underaged children below the age of 18, we request parents to place the order for their children. Furthermore, this section also applies to those who are under the charge of a guardian and have fully or partially limited capacity. Persons over the age of 16 can subscribe to newsletter and agree to the use of cookies, therefore, in the case of underaged children below the age of 16, we request parents to consent to the above on behalf of their children and, if possible, provide the requested data together.

THE CATEGORIES OF PERSONAL DATA PROCESSED; THE PURPOSE AND DURATION OF, AND THE LEGAL BASIS FOR PROCESSING

In the following, you can find a summary table regarding the processing of your personal data, which provides important information on what personal data are collected for what purposes and by which controller in connection with a given operation, what is the legal basis of data processing, and for how long are your personal data stored.

Please be informed that in certain cases the Controllers also use processors under contract during their activities; such recipients are bound by secrecy and data protection obligations. The personal data may also be disclosed to further recipients, such as e.g. in the case of enforcement of your legal claims, to the court, consumer protection authority and arbitration board having subject-matter and territorial competence for the case. Personal data may also be disclosed upon request by a public authority, court or other authority. For the ease of comprehension, the processors and recipients to whom your data are transmitted, along with the purpose of transmission, are specifically identified for each data processing operation.

Pursuant to Section 5 (5) of the Privacy Act, we shall review the necessity of mandatory data processing cases based on a legal obligation every 3 years if the relevant law does not specify the duration of processing or a different period of review. In accordance with the same legal provision, we shall retain the documentation on the circumstances and results of the review for ten (10) years following such review.

1. REGISTRATION

 1.1. REGISTRATION FOR RETAIL USERS

 The controller in respect of the data relating to retail user registration: ILCSI E-Commerce Ltd.

 For what purpose are your personal data processed?

So that you can register as a retail user on the website, and can create a retail user account in the framework of your registration e.g. for purchasing products more easily. Please note that registration is not necessary for webshop purchases; you may freely decide whether you want to register for your purchase and/or to create a user account within the framework of registration to facilitate your future purchases.

Data subjects: include the retail users who wish to create a retail user account on the website.

Which of your personal data do we process:On what basis do we process these (legal bases):For how long do we process these data:

·       email address

·       the password chosen and provided by you during registration,

·       first name, surname,

·       skin type (optional),

·       birthday (optional)

·       for registration via a social media account, first and last name and e-mail address associated with your Google or Facebook profile

Your consent.

(Article 6(1)(a) of the GDPR)

By checking the relevant checkbox, you expressly consent to ILCSI E-Commerce Ltd. processing your personal data specified in this Section for the purposes of registration on our website as a retail user. You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing performed before the withdrawal of such consent.

 

We will process your personal data until the withdrawal of your consent.

 

We will review our data processing every 3 years, including the updating of data.

What happens if you do not provide the data?

Providing the above personal data shall be voluntary; if you do not provide such data to us, you will not be able to register and create a retail user account. Your email address for the confirmation of your registration, while the password serves to ensure your subsequent secure login to your user account. Your name helps us to identify you. When registering with a social media profile, your profile details are used to identify you. Optional information is required to use the convenience features available with your registration, if you provide it, you will be able to use certain convenience features (e.g. birthday greetings, skin type recommendations).

Manner of erasing the data: We will erase your above personal data following withdrawal of your consent. Please note that in order to protect our users’ data and to ensure the accuracy of the data, we review our data processing every 3 years, including performing data update; in the framework of that, you may state whether you want to maintain your registration.

To whom we may transmit your data:  Within the organisation of ILCSI E-Commerce Ltd., your data may be accessed by the authorised dedicated employees; your personal data may be transferred to the following processors, for the purposes specified below:

NameRegistered officePurpose of data transmission or transfer
Google Cloud EMEA Limited70 Sir John Rogerson’s Quay, Dublin 2, IrelandFor the webshop and website, it provides us with hosting services.
BIG FISH Internet-technológiai Kft.H-1066 Budapest, Nyugati tér 1-2, HungaryOperates the webshop and website for us.
Mailjet SASParis HQ, 4 rue Jules Lefebvre, 75009 ParisProvides a service related to the compilation and distribution of the webshop's system messages and newsletters. https://www.mailjet.com/legal/privacy-policy/
Ilcsi Beautifying Herbs Organic Skin Care Ltd.

H-1021 Budapest, Üdülő út 37., Hungary

group of undertakings
MiniCRM Zrt.H-1075 Budapest, Madách Imre út 13-14., HungaryProviding a customer management system.
ZeroTime Services Kft.H-2013 Pomáz, Mikszáth Kálmán u. 36/4., HungaryProvides hosting services for us for the archive data of the webshop and the website.
Color and Code Kft.H-3300 Eger, Fazola utca 6., HungaryProvides operational services for the archive data of the webshop and the website.

Aut O’Mattic Ltd.

 

Business Centre, No.1 Lower Mayor Street, International Financial Services Centre, Dublin 1, IrelandProvides us with webshop programming services for the archive data of the webshop and the website.
Automattic Inc.60 29th Street #343, San Francisco, CA 94110, USAProvides us with webshop programming services for the archive data of the webshop and the website.

1.2.   REGISTRATION FOR PROFESSIONAL USERS – BEAUTICIANS AND BEAUTICIAN STUDENTS

The controller in respect of the data relating to professional user registration: ILCSI E-Commerce Ltd.

For what purpose are your personal data processed?

So that you can register as a professional partner (as a beautician, beautician student or resale partner) on the website if you are one of our partners in your capacity as a beautician or beautician student. Within the framework of professional registration, you receive access to the services offered to our beauticians on our website.  Please note that we will verify your eligibility for registration for the professional platform and it will only become active after approval.

Data subjects: include the professional users who wish to create a professional user account on the website.

Which of your personal data do we process:On what basis do we process these (legal bases):For how long do we process these data:

·       surname

·       first name

·       email address

·       phone number

·       the username and password chosen and provided by you during registration

·       birthday (optional)

·       entrepreneur name and tax number (where you do not need to enter it, it will be saved automatically)

·       for non-Hungarian registrants, certificate of student status for students, certificate of beautician and entrepreneur certificate for beauticians, company certificate (optional), entrepreneur certificate and other documents supporting registration, company certificate for resellers (optional)

·       for beauticians: customer card number (for Hungarian beauticians), name, address, phone number, email and URL of homepage of beauty salon

Your consent.

(Article 6(1)(a) of the GDPR)

By checking the relevant checkbox, you expressly consent to ILCSI E-Commerce Ltd. processing your personal data specified in this Section for the purposes of registration on our website as a professional user. You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing performed before the withdrawal of such consent.

 

We will process your personal data until the withdrawal of your consent.

 

The copy of your diploma is only requested for presentation while your registration is being checked and we will permanently delete such copy after verification is completed.

 

We will review our data processing every 3 years, including the updating of data.

 

What happens if you do not provide the data?

Providing the above personal data shall be voluntary; if you do not provide such data to us, you will not be able to register as a professional user. Your first name, surname, entrepreneur name and tax number are necessary for your identification, your phone number for keeping contact, your email address for the confirmation of your registration, while the username and the password serves to ensure your subsequent secure login to your user account. In case of a beautician registration your customer card number and data of the cosmetic salon are necessary in order to verify your eligibility to register for the professional user platform on the Hungarian website; the same purpose is served by business or student status data for non-Hungarian registrations. We kindly ask you to hide any information on the uploaded copy of your diploma that is not relevant for registration. Necessary data of the diploma are: cosmetology qualification, beautician’s name and qualification, certificate number . Please mask on the uploaded copy of the diploma the data that are not relevant for the approval of the registration; the relevant data include: name of the beautician, fact of beautician qualification, certificate number. The optional data are necessary to use the convenience features available with your registration, if you provide them you will be able to use certain convenience features (e.g. birthday greetings, recommendations for skin type).

Manner of erasing the data: We will erase your above personal data following withdrawal of your consent. The copy of your diploma is only requested for presentation while your registration is being checked and we will permanently delete such copy after verification is completed. Please note that in order to protect our users’ data and to ensure the accuracy of the data, we review our data processing every 3 years, including performing data update; in the framework of that, you may state whether you want to maintain your registration.

To whom we may transmit your data:  Within the organisation of ILCSI E-Commerce Ltd., your data may be accessed by the authorised dedicated employees; your personal data may be transferred to the following processors, for the purposes specified below:

NameRegistered officePurpose of data transmission or transfer
Google Cloud EMEA Limited70 Sir John Rogerson’s Quay, Dublin 2, IrelandFor the webshop and website, it provides us with hosting services.
BIG FISH Internet-technológiai Kft.H-1066 Budapest, Nyugati tér 1-2, HungaryOperates the webshop and website for us.
Mailjet SASParis HQ, 4 rue Jules Lefebvre, 75009 ParisProvides a service related to the compilation and distribution of the webshop's system messages and newsletters. https://www.mailjet.com/legal/privacy-policy/
Ilcsi Beautifying Herbs Organic Skin Care Ltd.H-1021 Budapest, Üdülő út 37., Hungarygroup of undertakings, administrative purposes with regard to the data in relation to the professional webshop
MiniCRM Zrt.H-1075 Budapest, Madách Imre út 13-14., HungaryProviding a customer management system.
ZeroTime Services Kft.H-2013 Pomáz, Mikszáth Kálmán u. 36/4., HungaryProvides hosting services for us for the archive data of the webshop and the website.
Color and Code Kft.H-3300 Eger, Fazola utca 6., HungaryProvides operational services for the archive data of the webshop and the website.

Aut O’Mattic Ltd.

 

Business Centre, No.1 Lower Mayor Street, International Financial Services Centre, Dublin 1, IrelandProvides us with webshop programming services for the archive data of the webshop and the website.

Automattic Inc.

 

60 29th Street #343, San Francisco, CA 94110, USA Provides us with webshop programming services for the archive data of the webshop and the website.
local agent or distributor verify registration status

2. PROVISION OF A USER ACCOUNT, LOGIN TO THE USER ACCOUNT

2.1.  PROVISION OF A RETAIL USER ACCOUNT, LOGIN TO THE USER ACCOUNT

The controller in respect of the data relating to login to the retail user account and the provision of the retail user account: ILCSI E-Commerce Ltd.

For what purpose are your personal data processed?

If you are a retail user, so that you can log in to your retail user account created during registration and/or use your retail user account e.g. to facilitate your subsequent purchases e.g. by using the repurchase function.

Data subjects: include the retail users who have created a retail account on the website.

You may freely decide which data you upload to your user account (except for the data necessary for the performance of your order and for issuing the invoice), and you can freely edit or even delete your uploaded data later.

Which of your personal data do we process:

Login:

·       Email address

·       Password

·       when logging in via a social media account, your Google or Facebook email address and password

User Account:

On what basis do we process these (legal bases):For how long do we process these data:

·       surname

·       first name

·       email address

·       name to be displayed

·        phone number

·        date, time and website of registration

·        language settings

·        type of registration

·        data provided at the time of registration

·       customer ID

·       delivery address

·       invoicing country and address

·       skin type (optional)

·       birthday (optional)

Your consent.

(Article 6(1)(a) of the GDPR)

By checking the relevant checkbox, you expressly consent to ILCSI E-Commerce Ltd. processing your personal data specified in this Section so as to provide a retail user account to you. You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing performed before the withdrawal of such consent.

 

We will process your personal data until the withdrawal of your consent (deletion of account). 

 

We will review our data processing every 3 years, including the updating of data.

 

·       Your current and previous orders and the details thereof (order ID, products ordered, order total – the price of the individual products, the fact of using discounts and sum of discount, method and price of delivery, delivery and billing address, the fact of personal pickup if that was selected, means of payment, order status)

·       the fact of subscription for newsletter, settings of newsletter subscription

·       coupon code

·       data of personalised product recommendations

·       data of personalised cosmetic reviews

·       details of the workshops for which you have registered

·       your downloads

·       saved payment methods

·       where applicable, details of the activation of money-back guarantee

·       loyalty points

·       beautician (affiliated beautician)

Legitimate interest

(Article 6(1)(f) of the GDPR)

Our data processing is necessary for displaying your current and previous orders, the details thereof and any discounts in your retail user account and/or for providing this function to you. This data processing also serves the business and economic interests of ILCSI E-Commerce Ltd., the realisation of our envisaged business model, ensuring the high quality of our services and/or for our business development purposes. Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing our interests. There is no other way for us to carry out these data processing operations.

 

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

 

Safeguards: Only a limited number of dedicated employees within our organisation have access to the personal data. The complete balancing test is available here.

We shall process your personal data until you delete your retail user account and/or until you object to this processing – and where there is no other legal ground for the processing.

 

We will review our data processing every 3 years, including the updating of data.

 

 

OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data processing administrator.

What happens if you do not provide the data?

Providing the above personal data shall be voluntary; if you do not provide such data to us, you will not be able to use your user account and/or certain relating convenience functions. Your first name and surname and the name to be displayed you have given are necessary for your identification, your email address and your password (in the case of login via a social media account, the same data relating to your profile) serves to ensure your secure login to your user account. Your email address, phone number, delivery and invoicing address, and the optional data (skin type, affiliated beautician, birthday) and the loyalty points are necessary to contact you and for you to be able to use the convenience functions e.g. easier placement of orders, product offers, advice, and offering discounts to you. We already have the data of your current and previous orders, they are made available to you to track your purchase and order and to facilitate future purchases. 

Manner of erasing the data: The data will be erased upon your objection or the withdrawal of your consent (deletion of account), where there is no other legal ground for the processing. Please note that in order to protect our users’ data and to ensure the accuracy of the data, we review our data processing every 3 years, including performing data update; in the framework of that, you may state whether you want to maintain your registration.

To whom we may transmit your data:  Within the organisation of ILCSI E-Commerce Ltd., your data may be accessed by the authorised dedicated employees; your personal data may be transferred to the following processors, for the purposes specified below:

NameRegistered officePurpose of data transmission or transfer
Google Cloud EMEA Limited70 Sir John Rogerson’s Quay, Dublin 2, IrelandFor the webshop and website, it provides us with hosting services.
BIG FISH Internet-technológiai Kft.H-1066 Budapest, Nyugati tér 1-2, HungaryOperates the webshop and website for us.
Mailjet SASParis HQ, 4 rue Jules Lefebvre, 75009 ParisProvides a service related to the compilation and distribution of the webshop's system messages and newsletters. https://www.mailjet.com/legal/privacy-policy/
MiniCRM Zrt.H-1075 Budapest, Madách Imre út 13-14., HungaryProviding a customer management system.
Ilcsi Beautifying Herbs Organic Skin Care Ltd.H-1021 Budapest, Üdülő út 37., Hungarygroup of undertakings
ZeroTime Services Kft.H-2013 Pomáz, Mikszáth Kálmán u. 36/4., HungaryProvides hosting services for us for the archive data of the webshop and the website.
Color and Code Kft.H-3300 Eger, Fazola utca 6., HungaryProvides operational services for the archive data of the webshop and the website.

Aut O’Mattic Ltd.

 

Business Centre, No.1 Lower Mayor Street, International Financial Services Centre, Dublin 1, IrelandProvides us with webshop programming services for the archive data of the webshop and the website.

Automattic Inc.

 

60 29th Street #343, San Francisco, CA 94110, USA Provides us with webshop programming services for the archive data of the webshop and the website.
Microsoft Ireland Operations LimitedOne Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Irelandproviding computer programs, mail system

2.2.   PROVISION OF A PROFESSIONAL USER ACCOUNT, LOGIN TO THE USER ACCOUNT

The controller in respect of the data relating to login to the professional user account and the provision of the professional user account: Ilcsi Beautifying Herbs Organic Skin Care Ltd and ILCSI E-Commerce Ltd.

For what purpose are your personal data processed?

If you are our partner as a beautician or beautician student, we process your data so that you can use the professional user platform, along with the professional and convenience functions thereof, provided to our professional partners on the website (application to trainings and courses, application for professional events, notification on offers, access to the articles and awareness-raising materials prepared for our partners). On the professional user platform, only services ensured for our professional partners are available.

Data subjects: include the professional users who create a professional user account on the website.

Which of your personal data do we process:On what basis do we process these (legal bases):For how long do we process these data:

·       surname

·       first name

·       email address

·       phone number

·       the username and password chosen and provided by you during registration

·       country

·       birthday (optional)

·       date, time and website of registration

·       language settings

·       type of registration

·       data provided at the time of registration

·       orders

·       invoicing data

·       for Hungarian beauticians:

·       customer card number

·       name and address of the

·       salon

·       for beautician students: certification of the student relationship by the partner vocational school, name and signature of the school’s representative

·       EU/PL website:  fact of beautician qualification

·       courses, name of course applied for

·       name of event applied for

·       memberships

·       invoicing data

·       coupon code

·       data of product recommendations issued

·       data of cosmetic review performed

·       authorisation to issue product recommendations

·       authorisation to issue coupons

·       data of coupon purchases

·       data of purchases upon product recommendations

·       own turnover and / guest turnover (hu) balance

·       discount coupon

·       commission coupon for those registering on the EU or Polish websites

·       details of workshops

·       your downloads

·       saved payment methods

·       fact of newsletter subscription, newsletter subscription settings

Legitimate interest

(Article 6(1)(f) of the GDPR)

Our data processing is necessary so that we can provide professional further training opportunities to our professional partners (beautician and beautician students) and so that they can easily and simply, in their professional user account, receive information about our further trainings, professional programmes and events. The data processing also serves the goal that professional users can participate in efficient professional trainings. The beauticians using the professional user account act for purposes which are within their trade or business. For beautician students, data processing is also necessary so that we can perform our obligations to the partner institution. This data processing also serves the business, economic and financial interests of the Controllers, the realisation of our envisaged business model – professional partnership (with vocational schools/beautician students) – and/or the creation of close relationships with our professional partners, furthermore, with a view to performing our contractual obligations and for administrative and statistical purposes. Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing our interests. There is no other way for us to carry out these data processing operations.

 

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

 

Safeguards: Only a limited number of dedicated employees within our organisation have access to the personal data. The complete balancing test is available here.

 

We shall process your personal data until you delete your professional user account and/or until you object to this processing – and where there is no other legal ground for the processing.

 

 

We will review our data processing every 3 years, including the updating of data.

 OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data protection administrator.

What happens if you do not provide the data?

Providing the above personal data and/or creating the professional account shall be voluntary; if you do not provide such data to us, you will not be able to use your professional user account. Your first name and surname serve for your identification, while the password serves to ensure your secure login to your user account. Your email address and phone number are processed for effective communication with you, while your eligibility data (e.g. customer card number, the fact of being a beautician or beautician student) for the verification of your eligibility. We process optional data (birthday) and data relating to turnover and discounts to enable you to use convenience features. We already have the data of your professional orders and trainings – if any.

Manner of erasing the data: Your above personal data will be erased upon your objection where there is no other legal ground for the processing. Please note that in order to protect our users’ data and to ensure the accuracy of the data, we review our data processing every 3 years, including the deletion of accounts that have been inactive for at least 2 years, on the proviso that before deletion, we request data update; in the framework of that, you may state whether you want to maintain your account.

To whom we may transmit your data:  Within the organisation of the Controllers, your data may be accessed by the authorised dedicated employees; your personal data may be transferred to the following processors, for the purposes specified below:

NameRegistered officePurpose of data transmission or transfer
Google Cloud EMEA Limited70 Sir John Rogerson’s Quay, Dublin 2, IrelandFor the webshop and website, it provides us with hosting services.
BIG FISH Internet-technológiai Kft.H-1066 Budapest, Nyugati tér 1-2, HungaryOperates the webshop and website for us.
Mailjet SASParis HQ, 4 rue Jules Lefebvre, 75009 ParisProvides a service related to the compilation and distribution of the webshop's system messages and newsletters. https://www.mailjet.com/legal/privacy-policy/
MiniCRM Zrt.H-1075 Budapest, Madách Imre út 13-14., HungaryProviding a customer management system.
ZeroTime Services Kft.H-2013 Pomáz, Mikszáth Kálmán u. 36/4., HungaryProvides hosting services for us for the archive data of the webshop and the website.
Color and Code Kft.H-3300 Eger, Fazola utca 6., HungaryProvides operational services for the archive data of the webshop and the website.

Aut O’Mattic Ltd.

 

Business Centre, No.1 Lower Mayor Street, International Financial Services Centre, Dublin 1, IrelandProvides us with webshop programming services for the archive data of the webshop and the website.

Automattic Inc.

 

60 29th Street #343, San Francisco, CA 94110, USAProvides us with webshop programming services for the archive data of the webshop and the website.
Microsoft Ireland Operations LimitedOne Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Irelandproviding computer programs, mail system

3. PURCHASING PRODUCTS IN THE WEBSHOP

The controller with regard to the data in relation to product purchases in the webshop: ILCSI E-Commerce Ltd. 

For what purpose are your personal data processed?

So that you as a retail user can purchase in the webshop. Please note that registration is not necessary for webshop purchases; you may freely decide whether you want to register for your purchase in the webshop and/or to create a user account within that framework to facilitate your future purchases. Retail and professional users can make purchases in the webshop with the same conditions. The legal safeguards of our data processing in connection with purchases on the website and the use of services consists in the authorisation based on Section 13/A (1) and (2) of Act CVIII of 2001 in respect of your identification data as a natural person, address, the date, place and duration of using our service.

Data subjects: include the persons purchasing and placing orders through the webshop.

Which of your personal data do we process:On what basis do we process these (legal bases):For how long do we process these data:

·       surname

·       first name

·       email address

·       phone number

·       delivery address

·       invoicing data (invoicing name and address)

·       notes provided during the order

·       order ID

·       customer ID

·       the products ordered, their price,

·       the order total,

·       method and price of delivery,

·       the fact of choosing personal pickup, if appropriate,

·       means of payment

·       status of payment

·       coupon code

·       loyalty points (redeemed and registered)

·       data of personal product recommendations

·       data of personalised cosmetic reviews

·       Other information you provide

·       where applicable: details of the activation of money-back guarantee

Performance of the contract

Under Article 6(1)(b) of the GDPR

In connection with the performance of the orders placed on the website and in the webshop and the services provided to you. Including the steps leading to contract conclusion, such as placing the order.

 

The relevant contract and the steps leading to its conclusion means the General Terms and Conditions of Contract and/or the steps made at your request before the acceptance thereof.

We shall retain these data for 3 years following the termination of the contract.

 

What happens if you do not provide the data?

Providing the above personal data is a prerequisite for the conclusion of the contract for the webshop order; if you do not provide such data to us, you will not be able to make a purchase on the website and/or in the webshop. We also need the personal data so that we can perform your order and the services provided to you. Your email address and phone number are necessary for communication and administration regarding the performance of your order, and we need these data to perform the contract. We request the provision of your first name and surname to identify you, and the data of the order and performance (e.g. personal pickup, method of shipment, status and means of payment, discounts, loyalty points) for the purpose of performing the order and applying the discounts, if any, and the order ID and customer ID are generated by us to identify your order and the customer.

Manner of erasing the data: As a rule, your data are erased upon expiry of the above retention period.

To whom we may transmit your data: Webshop purchases are processed by the dedicated staff member of ILCSI E-Commerce Ltd. In connection with the performance of your contract, your personal data may be transferred to the following recipients and processors, for the purposes indicated below:

NameRegistered officePurpose of data transmission or transfer
Google Cloud EMEA Limited70 Sir John Rogerson’s Quay, Dublin 2, IrelandProvides web hosting services for us for the webshop and the website.
BIG FISH Internet-technológiai Kft.H-1066 Budapest, Nyugati tér 1-2, HungaryOperates the webshop and the website for us.
PROGEN Mérnöki Fejlesztő és Szolgáltató Korlátolt Felelősségű TársaságH-1118 Budapest, Homonna utca 8/A, HungaryOperates the sERPa enterprise resource planning system.
National Tax and Customs Administration, HungaryH-1054 Budapest, Széchenyi u. 2., HungaryElectronic reporting of data on issued invoices pursuant to Act CXXVII of 2007
Ilona Polyákné Gömöri, sole traderH-2011 Budakalász, Nárcisz u. 7., HungaryProvides bookkeeping services to us.
WEBSHIPPY Magyarország Logisztikai és Szállítmányozási Korlátolt Felelősségű TársaságH-2151 Fót, 0221/12., HungaryProvides logistics and home delivery services.
KBOSS.hu Kereskedelmi és Szolgáltató Korlátolt Felelősségű TársaságH-1031 Budapest, Záhony utca 7, Hungaryinvoicing
OTP Bank Nyrt.H-1051 Budapest, Nádor u.16, HungaryFor payment services (the bank card data provided in the SimplePay system are also processed by OTP Bank Nyrt.). It has its own privacy notice regarding data processing.
OTP Mobil Kft.H-1093 Budapest, Közraktár u. 30-32, HungaryProvides the online payment service and the management of online payment transactions. It has its own privacy notice regarding data processing.
Worldline SATour Voltaire, 1 Place des Degrés, CS 81162, 92059 Paris la Défense CedexIt provides us with online payment services, online payment processing. It has its own privacy notice regarding data processing. https://www.six-payment-services.com/hu/services/legal/privacy-statement.html
PayU S.A.Antala Staška 2027/77, 140 00 Praha 4

It provides us with online payment services, online payment processing. It has its own privacy notice regarding data processing. https://hungary.payu.com/privacy-portal/

 

Mailjet SASParis HQ, 4 rue Jules Lefebvre, 75009 ParisProvides a service related to the compilation and distribution of the webshop's system messages and newsletters. https://www.mailjet.com/legal/privacy-policy/
BIG FISH Payment Services Kft.

H-1066 Budapest, Nyugati tér 1-2, Hungary

Enables us to process online payments https://www.paymentgateway.hu/adatvedelem

Ilcsi Beautifying Herbs Organic Skin Care Ltd.

H-1021 Budapest, Üdülő út 37., Hungary

group of undertakings
beautician performing personalised review and issuing product recommendations

 

feedback on purchase data, statistical and administrative purposes, performance of contractual obligations
beautician providing a coupon for discount purchases

 

feedback on purchase data, statistical and administrative purposes, performance of contractual obligations
regional agent

 

feedback on purchase data, statistical and administrative purposes, performance of contractual obligations
the tax authorities in your country and the Commission of the European Union and their VIES processors

https://ec.europa.eu/taxation_customs/vies/;jsessionid=5DA69D7C10F4C8B29A90A4F7211C17FB?locale=en

verification of tax numbers in the VIES system

ZeroTime Services Kft.

H-2013 Pomáz, Mikszáth Kálmán u. 36/4., Hungary

Provides hosting services for us for the archive data of the webshop and the website.
Color and Code Kft.

H-3300 Eger, Fazola utca 6., Hungary

Provides operational services for the archive data of the webshop and the website.
Aut O’Mattic Ltd.

Business Centre, No.1 Lower Mayor Street, International Financial Services Centre, Dublin 1, Ireland

Provides us with webshop programming services for the archive data of the webshop and the website.
Automattic Inc.60 29th Street #343, San Francisco, CA 94110, USA Provides us with webshop programming services for the archive data of the webshop and the website.

4. PLACING ORDERS OR SUBMITTING APPLICATIONS ON THE PROFESSIONAL PLATFORM OF THE WEBSITE

The controller with regard to the data relating to orders and applications (e.g. to trainings or events) on the professional platform of the website: Ilcsi Beautifying Herbs Organic Skin Care Ltd. and ILCSI E-Commerce Ltd.

For what purpose are your personal data processed?

So that you as a professional user can apply to our professional events, and in particular can participate at further trainings and/or courses, events, shop in the webshop, and also if you as our professional partner conclude a contract with ILCSI. The legal safeguards of our data processing in connection with using the services on the professional platform of the website and the use of services consists in the authorisation based on Section 13/A (1) and (2) of Act CVIII of 2001 of Hungary in respect of your identification data as a natural person, address, the date, place and duration of using our service.

Data subjects: include the professional users who place orders, apply to courses or events, or use a service on the professional platform of the website.

Which of your personal data do we process:On what basis do we process these (legal bases):For how long do we process these data:

·       surname

·       first name

·       email address

·       phone number

 

·       invoicing data

·       name, date and time, location and fee of training applied for

·       name, date and time, location and fee of event applied for

Performance of the contract

Under Article 6(1)(b) of the GDPR

In connection with the performance of the orders placed and applications submitted on the website, as well as the services provided to you as a professional partner, e.g. application to a training, event, and ensuring your participation at the same.

 

The relevant contract and the steps leading to its conclusion means the General Terms and Conditions of Contract and/or the steps made at your request before the acceptance thereof (in certain cases, an individual contract concluded with you).

We shall retain these data for 3 years following the termination of the contract.

 

 

What happens if you do not provide the data?

Providing the above personal data shall be voluntary; if you do not provide such data to us, you will not be able to place orders/send applications on the website and/or we will not be able to perform our services (events, trainings) to you. Your first name and surname are necessary for your identification, and your email address and in some cases your phone number are required in connection with the performance of the service..

Manner of erasing the data: As a rule, these data are erased after the above deadline.

To whom we may transmit your data: With regard to the orders placed and applications submitted on the professional platform of the website, data are processed by the staff member of the Controllers. In connection with the performance of your contract, your personal data will also be transferred to the following recipients and processors, for the purposes indicated below:

NameRegistered officePurpose of data transmission or transfer
Google Cloud EMEA Limited70 Sir John Rogerson’s Quay, Dublin 2, IrelandProvides web hosting services for us for the webshop and the website.
BIG FISH Internet-technológiai Kft.H-1066 Budapest, Nyugati tér 1-2, HungaryOperates the webshop and the website for us.
PROGEN Mérnöki Fejlesztő és Szolgáltató Korlátolt Felelősségű TársaságH-1118 Budapest, Homonna utca 8/A, HungarysERPa enterprise resource planning system
Ilona Polyákné Gömöri, sole traderH-2011 Budakalász, Nárcisz u. 7., HungaryProvides bookkeeping services to us.
National Tax and Customs Administration, HungaryH-1054 Budapest, Széchenyi u. 2., HungaryElectronic reporting of data on issued invoices pursuant to Act CXXVII of 2007
KBOSS.hu Kereskedelmi és Szolgáltató Korlátolt Felelősségű TársaságH-1031 Budapest, Záhony utca 7., Hungaryinvoicing
OTP Bank Nyrt.H-1051 Budapest, Nádor u.16., HungaryIn order to process payment (the bank card data provided in the SimplePay system is also processed by OTP Bank Nyrt.). It has its own privacy policy on data processing.
OTP Mobil Kft.H-1093 Budapest, Közraktár u. 30-32., HungaryIt provides us with online payment services, online payment processing. It has its own privacy policy on data processing.
Worldline SATour Voltaire, 1 Place des Degrés, CS 81162, 92059 Paris la Défense CedexIt provides us with online payment services, online payment processing. It has its own privacy policy on data processing. https://www.six-payment-services.com/hu/services/legal/privacy-statement.html
PayU S.A.Antala Staška 2027/77, 140 00 Praha 4It provides us with online payment services, online payment processing. It has its own privacy policy on data processing. https://hungary.payu.com/privacy-portal/
BIG FISH Payment Services Kft.H-1066 Budapest, Nyugati tér 1-2, HungaryEnables us to process online payments https://www.paymentgateway.hu/adatvedelem
Mailjet SASParis HQ, 4 rue Jules Lefebvre, 75009 ParisProvides a service related to the compilation and distribution of the webshop's system messages and newsletters. https://www.mailjet.com/legal/privacy-policy/

WEBSHIPPY Magyarország Logisztikai és Szállítmányozási Korlátolt Felelősségű Társaság

H-2151 Fót, 0221/12., HungaryProvides logistics and home delivery services.

regional agent

 feedback on purchase data, statistical and administrative purposes, performance of contractual obligations

tax authority of your country, EU Commission and the service providers of these organizations regarding tax databases and VIES System

https://ec.europa.eu/taxation_customs/vies/;jsessionid=5DA69D7C10F4C8B29A90A4F7211C17FB?locale=ento verify VAT number in VIES system

ZeroTime Services Kft.

H-2013 Pomáz, Mikszáth Kálmán u. 36/4., HungaryProvides hosting services for us for the archive data of the webshop and the website.

Color and Code Kft.

H-3300 Eger, Fazola utca 6., HungaryProvides operational services for the archive data of the webshop and the website.
Aut O’Mattic Ltd.Business Centre, No.1 Lower Mayor Street, International Financial Services Centre, Dublin 1, IrelandProvides us with webshop programming services for the archive data of the webshop and the website.
Automattic Inc.60 29th Street #343, San Francisco, CA 94110, USA Provides us with webshop programming services for the archive data of the webshop and the website.

Ilcsi Beautifying Herbs Organic Skin Care Ltd.

H-1021 Budapest, Üdülő út 37., Hungary

group of undertakings, administrative purposes with regard to the data in relation to product purchases in the professional webshop

Microsoft Ireland Operations Limited

One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland

providing computer programs, mail system

5.  PAYMENT AND INVOICING, ISSUE OF ACCOUNTING DOCUMENT

5.1.   FOR PRODUCT PURCHASES IN THE WEBSHOP

The controller with regard to the data in relation to product purchases in the webshop, including the issue of the relevant invoice: ILCSI E-Commerce Ltd.

For what purpose are your personal data processed?

If you make a purchase in the webshop, we process your personal data for the purposes of documenting your purchase and payment, issuing an invoice for the purchase, and fulfilling our accounting obligations. Data beyond the scope of those on the supporting documents for accounting (certain payment data) are also processed based on the contract concluded with us.

Data subjects: include the persons who have made a purchase through the webshop.

Which of your personal data do we process:On what basis do we process these (legal bases):For how long do we process these data:

For payment:

·       means of payment

·       fact of payment and the date of performance of payment

·       amount paid

·       for online payment by bank card: OTP SimplePay or PayU, Worldline transaction ID, external reference number, amount paid, transaction status, products and/or services, your name, invoicing address, delivery address, email, discount, delivery fee, payment platform (www.ilcsi.com); the data requested by the payment service provider for payment and transmitted by us: your name, billing, delivery and postal address, e-mail, telephone number, account number, registration username and password; for card payments (to save your bank card) you provide: name on the card, card number, expiry date, issuing bank, CVC/CVV security code   

For invoicing:

·       surname

·       first name

·       name and price of product/service

·       invoice total

·       means of payment

·       date of performance

·       in certain cases: your signature

·       where applicable: details of the activation of money-back guarantee

 

Compliance with a legal obligation

(Article 6(1)(c) of the GDPR)

Processing relating to the documents supporting the accounting records takes place under Section 169 (1) and (2) of the Accounting Act and Section 159 (1) and (2) of the VAT Act.

 

Accounting documents directly or indirectly supporting the accounting records are retained for 8 years from the date of issue pursuant to Section 169 (2) of the Accounting Act.

 

 

Performance of the contract

(Under Article 6(1)(b) of the GDPR)

The legal basis for processing data beyond the scope of those on the supporting documents for accounting (certain payment data) is the contract concluded between you and us. The relevant contract and the steps leading to its conclusion means the General Terms and Conditions of Contract and/or the steps made at your request before the acceptance thereof.

We shall retain these data for 3 years following the termination of the contract.

 

Personal data automatically transmitted to the online payment service provider for the purpose of making a payment will be deleted or anonymised in such a way that you can no longer be identified 48 hours after the confirmation of the result of the online payment transaction to the controller.

 

Processing starts when the first personal data are supplied to us upon entering into contact prior to contract conclusion (order) with a view to contract conclusion (placing the order).

 

Please be informed that payment on our website takes place through the SimplePay by OTP Mobil or through the PayU or Wordline system, and data processing related to the use of the SimplePay, PayU or Worldline online service is governed by SimplePay’s, PayU’s or Worldline’s privacy notice, which we have no means to influence. The card or other payment data provided during your online payment will be checked for IT compliance purposes only and will be automatically transmitted to the payment service provider, deleted or anonymised within the short time limit mentioned above. You will be redirected back to the website from the payment service provider's site when you make the payment transaction on the payment service provider's site. During SimplePay online payment and payment by bank card, the service provider usually requests your following bank card data: name on card, card number, expiry data, issuer bank, CVC/CVV security code. Please always keep your bank card data safe. The following personal data stored by the controller, ILCSI E-Commerce Ltd. (H-1021 Budapest, Üdülő út 37, Hungary), in the user database of https://ilcsi.com/ will be transmitted to OTP Mobil Kft. (H-1093 Budapest, Közraktár u. 30-32, Hungary) as the processor. The categories of data transferred by the controller: name, email, phone number, invoicing address, delivery address. The type and purpose of the data processing activity performed by the processor can be viewed in SimplePay’s Privacy Notice through the following link: http://simplepay.hu/vasarlo-aff. To make a payment in PayU, the service provider performing the independent data processing usually requests the following data: the account holder's name, postal address, telephone number, e-mail address, as well as the invoice number of the invoice to be paid, the registration username and password. PayU's Privacy Policy is available at the following link: https://hungary.payu.com/privacy-portal/. The service provider as individual data controller usually requests your following data for executing payment for executing payment in the Worldline system: name, postal address, telephone, e-mail address of the account owner, and the account number of the invoice to be paid, registered username and password. Privacy Notice regarding data processing of Worldline is available at: https://worldline.com/en/compliancy/privacy.html.

What happens if you do not provide the data?

The data necessary for invoicing shall be provided under law. If you do not provide us with the legally mandatory data, we will not be able to issue the invoice for the purchase; certain data recorded during payment may also form part of the accounting records. The data requested for payment and kept on record are necessary for performance of the contract based on your contractual obligation (for orders, it is your payment obligation). If you do not provide them, you will not be able to transact your payment and/or fulfil your contractual payment obligation. Certain data relating to payment are typically not provided by you; instead, we get to access them upon processing the order.

The manner of erasing the data: The above data will be erased upon expiry of the specified time limit.

To whom we may transmit your data: The data relating to purchases in the webshop and invoicing are processed by the staff member of ILCSI E-Commerce Ltd. and, with a view to perform our obligations under law, your personal data will be transmitted to the National Tax and Customs Administration of Hungary and/or its competent office. Your personal data will also be transferred to the following recipients and processors, for the purposes indicated below:

NameRegistered officePurpose of data transmission or transfer
OTP Bank Nyrt.H-1051 Budapest, Nádor u.16, HungaryFor payment services (the bank card data provided in the SimplePay system are also processed by OTP Bank Nyrt.). It has its own privacy notice regarding data processing.
OTP Mobil Kft.H-1093 Budapest, Közraktár u. 30-32, HungaryProvides the online payment service and the management of online payment transactions. It has its own privacy notice regarding data processing.
National Tax and Customs Administration of HungaryH-1054 Budapest, Széchenyi u. 2, HungaryPerformance of the obligation to supply data electronically about the invoices issued, under Act CXXVII of 2007.
PROGEN Mérnöki Fejlesztő és Szolgáltató Korlátolt Felelősségű TársaságH-1118 Budapest, Homonna utca 8/A, HungaryOperator of the sERPa enterprise resource planning system.
WEBSHIPPY Magyarország Logisztikai és Szállítmányozási Korlátolt Felelősségű TársaságH-2151 Fót, 0221/12., HungaryProvides logistics and home delivery services.
Ilona Polyákné Gömöri sole traderH-2011 Budakalász, Nárcisz u. 7, HungaryProvides accounting services to us.
KBOSS.hu Kereskedelmi és Szolgáltató Korlátolt Felelősségű TársaságH-1031 Budapest, Záhony utca 7, Hungaryinvoicing
Google Cloud EMEA Limited70 Sir John Rogerson’s Quay, Dublin 2, IrelandFor the webshop and website, it provides us with hosting services.
BIG FISH Internet-technológiai Kft.H-1066 Budapest, Nyugati tér 1-2, HungaryOperates the webshop and website for us.
Worldline SATour Voltaire, 1 Place des Degrés, CS 81162, 92059 Paris la Défense CedexIt provides us with online payment services, online payment processing. It has its own privacy policy on data processing. https://www.six-payment-services.com/hu/services/legal/privacy-statement.html
PayU S.A.Antala Staška 2027/77, 140 00 Praha 4It provides us with online payment services, online payment processing. It has its own privacy policy on data processing. https://hungary.payu.com/privacy-portal/
BIG FISH Payment Services Kft.H-1066 Budapest, Nyugati tér 1-2, HungaryEnables us to process online payments https://www.paymentgateway.hu/adatvedelem
Mailjet SASParis HQ, 4 rue Jules Lefebvre, 75009 ParisProvides a service related to the compilation and distribution of the webshop's system messages and newsletters. https://www.mailjet.com/legal/privacy-policy/
BIG FISH Internet-technológiai Kft.H-1066 Budapest, Nyugati tér 1-2, HungaryOperates the webshop and website for us.
KBOSS.hu Kereskedelmi és Szolgáltató Korlátolt Felelősségű TársaságH-1031 Budapest, Záhony utca 7, Hungaryinvoicing
Ilcsi Beautifying Herbs Organic Skin Care Ltd.

H-1021 Budapest, Üdülő út 37., Hungary

group of undertakings
regional agent

 

feedback on purchase data, statistical and administrative purposes, performance of contractual obligations

beautician performing personalised survey and issuing product recommendations

 

feedback on purchase data, statistical and administrative purposes, performance of contractual obligations

beautician providing a coupon for discount purchases

 

feedback on purchase data, statistical and administrative purposes, performance of contractual obligations

tax authority of your country, EU Commission and the service providers of these organizations regarding tax databases and VIES System

https://ec.europa.eu/taxation_customs/vies/;jsessionid=5DA69D7C10F4C8B29A90A4F7211C17FB?locale=ento verify VAT number in VIES system

ZeroTime Services Kft.

H-2013 Pomáz, Mikszáth Kálmán u. 36/4., HungaryProvides hosting services for us for the archive data of the webshop and the website.

Color and Code Kft.

H-3300 Eger, Fazola utca 6., HungaryProvides operational services for the archive data of the webshop and the website.
Aut O’Mattic Ltd.Business Centre, No.1 Lower Mayor Street, International Financial Services Centre, Dublin 1, IrelandProvides us with webshop programming services for the archive data of the webshop and the website.
Automattic Inc.60 29th Street #343, San Francisco, CA 94110, USA Provides us with webshop programming services for the archive data of the webshop and the website.
Microsoft Ireland Operations LimitedOne Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Irelandproviding computer programs, mail system

5.2.   WITH REGARD TO ORDERS PLACED ON THE PROFESSIONAL PLATFORM OF THE WEBSITE, PROFESSIONAL ORDERS AND USE OF PROFESSIONAL SERVICES

The controller with regard to the data relating to orders and applications (e.g. to trainings, events) on the professional platform of the website: Ilcsi Beautifying Herbs Organic Skin Care Ltd. and ILCSI E-Commerce Ltd.

For what purpose are your personal data processed?

If you place an order on the professional platform of the website and/or apply to (not free of charge) training, event or conference, we process your personal data to document your order and/or subsequent payment, to issue an invoice for your purchase and/or use of the service and/or to perform our accounting obligations. Data beyond the scope of those on the supporting documents for accounting (certain payment data) are also processed based on the contract concluded with us.

Data subjects: include the professional users who have placed orders, made a purchase or used services through the professional platform.

Which of your personal data do we process:On what basis do we process these (legal bases):For how long do we process these data:

For payment:

·       means of payment

·       fact of payment and the date of performance of payment

·       amount paid

·       for bank transfers: bank transfer data (account holder, account number, comments to the transfer)

·       in case of online payment by bank card: OTP SimplePay or PayU, Worldline transaction ID, external reference number, amount paid, transaction status, products or services, your name, billing address, delivery address, e-mail, discount, delivery charge, platform on which the payment was made; data requested by the payment service provider for the payment and transmitted by us: your name, billing, delivery and postal address, e-mail, telephone number, account number, registration username and password; for card payments (to save the card) you provide: name on the card, card number, expiry date, issuing bank name, CVC/CVV security code 

For invoicing:

·       surname

·       first name

·       name and price of product/service

·       invoice total

·       means of payment

·       date of performance

·       in certain cases: your signature

 

Compliance with a legal obligation

(Article 6(1)(c) of the GDPR)

Processing relating to the documents supporting the accounting records takes place under Section 169 (1) and (2) of the Accounting Act and Section 159 (1) and (2) of the VAT Act.

 

Accounting documents directly or indirectly supporting the accounting records are retained for 8 years from the date of issue pursuant to Section 169 (2) of the Accounting Act.

 

 

 

 

Performance of the contract

(Under Article 6(1)(b) of the GDPR)

The legal basis for processing data beyond the scope of those on the supporting documents for accounting (certain payment data) is the contract concluded between you and us. The relevant contract and the steps leading to its conclusion means the General Terms and Conditions of Contract and/or the steps made at your request before the acceptance thereof (in certain cases, an individual contract concluded with you).

We shall retain these data for 3 years following the termination of the contract.

 

Personal data automatically transmitted to the online payment service provider for the purpose of making a payment will be deleted or anonymised in such a way that you can no longer be identified 48 hours after the confirmation of the result of the online payment transaction to the controller.

 

Processing starts when the first personal data are supplied to us upon entering into contact prior to contract conclusion (order) with a view to contract conclusion (placing the order).

 

The contact persons’ data processed with a view to performance of the contract are also retained by the above deadline.

 

For online payment, please read the information in Section 5.1 above.

What happens if you do not provide the data?

The data necessary for invoicing shall be provided under law. If you do not provide us with the legally mandatory data, you will not be able to apply and we will not be able to issue the invoice; certain data recorded during payment may also form part of the accounting records. The data requested for payment and kept on record are also necessary for performance of the contract based on your contractual obligation (for orders, it is your payment obligation). If you do not provide them, you will not be able to transact your payment and/or fulfil your relevant contractual payment obligation. Certain data relating to payment are typically not provided by you; instead, we get to access them upon processing the order.

The manner of erasing the data: The above data will be erased upon expiry of the specified time limit.

To whom we may transmit your data: The data relating to purchases in the webshop and/or website and invoicing are processed by the dedicated staff member of the Controllers and, with a view to perform our obligations under law, your personal data will be transmitted to the National Tax and Customs Administration of Hungary and/or its competent office. Your personal data will be transferred to the following recipients and processors, for the purposes indicated below:

NameRegistered officePurpose of data transmission or transfer
National Tax and Customs Administration of HungaryH-1054 Budapest, Széchenyi u. 2, HungaryPerformance of the obligation to supply data electronically about the invoices issued, under Act CXXVII of 2007.
PROGEN Mérnöki Fejlesztő és Szolgáltató Korlátolt Felelősségű TársaságH-1118 Budapest, Homonna utca 8/A, HungaryOperates the sERPa enterprise resource planning system.
Ilona Polyákné Gömöri sole trader      H-2011 Budakalász, Nárcisz u. 7, Hungarypayroll, accounting
Google Cloud EMEA Limited70 Sir John Rogerson’s Quay, Dublin 2, IrelandFor the webshop and website, it provides us with hosting services.
OTP Bank Nyrt.H-1051 Budapest, Nádor u.16, HungaryFor payment services (the bank card data provided in the SimplePay system are also processed by OTP Bank Nyrt.). It has its own privacy notice regarding data processing
OTP Mobil Kft.H-1093 Budapest, Közraktár u. 30-32, HungaryIt provides us with online payment services, online payment processing. It has its own privacy policy on data processing.
Worldline SATour Voltaire, 1 Place des Degrés, CS 81162, 92059 Paris la Défense CedexIt provides us with online payment services, online payment processing. It has its own privacy policy on data processing. https://www.six-payment-services.com/hu/services/legal/privacy-statement.html
PayU S.A.Antala Staška 2027/77, 140 00 Praha 4It provides us with online payment services, online payment processing. It has its own privacy policy on data processing. https://hungary.payu.com/privacy-portal/
BIG FISH Payment Services Kft.H-1066 Budapest, Nyugati tér 1-2, HungaryEnables us to process online payments https://www.paymentgateway.hu/adatvedelem
Mailjet SASParis HQ, 4 rue Jules Lefebvre, 75009 ParisProvides a service related to the compilation and distribution of the webshop's system messages and newsletters. https://www.mailjet.com/legal/privacy-policy/
BIG FISH Internet-technológiai Kft.H-1066 Budapest, Nyugati tér 1-2, HungaryOperates the webshop and website for us.
KBOSS.hu Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság

H-1031 Budapest, Záhony utca 7, Hungary

invoicing

regional agent

 

feedback on purchase data, statistical and administrative purposes, performance of contractual obligations

beautician performing personalised review and issuing product recommendations

 

feedback on purchase data, statistical and administrative purposes, performance of contractual obligations

beautician providing a coupon for discount purchases

 

feedback on purchase data, statistical and administrative purposes, performance of contractual obligations

WEBSHIPPY Magyarország Logisztikai és Szállítmányozási Korlátolt Felelősségű Társaság

H-2151 Fót, 0221/12., HungaryProvides logistics and home delivery services.

tax authority of your country, EU Commission and the service providers of these organizations regarding tax databases and VIES System

https://ec.europa.eu/taxation_customs/vies/;jsessionid=5DA69D7C10F4C8B29A90A4F7211C17FB?locale=ento verify VAT number in VIES system

Ilcsi Beautifying Herbs Organic Skin Care Ltd.

H-1021 Budapest, Üdülő út 37., Hungary

 

group of undertakings, administrative purposes with regard to the data in relation to product purchases in the professional webshop
ZeroTime Services Kft.H-2013 Pomáz, Mikszáth Kálmán u. 36/4., HungaryProvides hosting services for us for the archive data of the webshop and the website.
Color and Code Kft.H-3300 Eger, Fazola utca 6., HungaryProvides operational services for the archive data of the webshop and the website.
Aut O’Mattic Ltd.Business Centre, No.1 Lower Mayor Street, International Financial Services Centre, Dublin 1, IrelandProvides us with webshop programming services for the archive data of the webshop and the website.
Automattic Inc.60 29th Street #343, San Francisco, CA 94110, USA Provides us with webshop programming services for the archive data of the webshop and the website.
Microsoft Ireland Operations LimitedOne Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Irelandproviding computer programs, mail system

6. CUSTOMER SERVICE, QUESTIONS RELATING TO THE PRODUCTS 

6.1.CUSTOMER SERVICE, QUESTIONS RELATING TO THE PRODUCTS OR WEBSITE

In relation to the questions relating to information and services provided on the website (not including enquiries regarding the webshop), products displayed on the website, as well as questions and enquiries relating to professional services, the controller is: Ilcsi Beautifying Herbs Organic Skin Care Ltd. and ILCSI E-Commerce Ltd.

For what purpose are your personal data processed?

For the purposes so that we can reply to the enquiries sent by you to the info@ilcsi.com email address as well as your questions sent as a professional user regarding our products and services, your orders and the details thereof. Furthermore, so that you can send us messages, we can receive your messages, can reply to your questions on the merits and, depending on the content of your enquiry, we can contact you in that regard. Please note that, when requesting information and/or contacting our company, you can freely decide about the categories of data you want to provide – certain data, e.g. your email address is necessary so that we can reply to your enquiry.

Data subjects: shall include the persons who have sent a question or enquiry to the above contact information to us.

Which of your personal data do we process:On what basis do we process these (legal bases):For how long do we process these data:

For enquiries by email:

·  email address

·  first name, surname

·   the subject-matter and content of the enquiry

For enquiries by phone:

·  telephone number

·  name

·  subject-matter and content of the enquiry

Legitimate interest

(Article 6(1)(f) of the GDPR)

Our data processing is necessary so that we can reply to your enquiries and questions sent in connection with the services provided on the website, and can ensure that you can contact us. Our data processing is also necessary so that we can contact you. This data processing is necessary in the business, economic and financial interests of the Controllers, for realising the customer services envisaged by us, for enhancing our competitiveness, for ensuring and improving the high quality of our services, and so that we can effectively reply in respect of complex services. Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing our interests. In other way these data processing operations would not be possible or would be more disadvantageous.

 

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

 

Safeguards: We have restricted the scope of personal data to the strict minimum. Only a limited number of dedicated employees within our organisation have access to the personal data. The complete balancing test for customer service enquiries is available here.

Data are retained for 3 years from the completion or closure of the customer service process of the case – provided that there is no other legal ground for the processing.

If you have objected to data processing, data are processed until the assessment of such objection, except if there is a valid legal basis for further data processing.

You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data protection administrator.

What happens if you do not provide the data?

The provision of the data is a prerequisite of processing the enquiries. If you do not provide the data, we will not be able to process or answer your enquires and/or questions, contact you or communicate with you.

The manner of erasing the data: The above data will be erased upon expiry of the specified time limit.

To whom we may transmit your data: Enquiries and/or questions are processed and answered by the dedicated employees within the organisation of the Controllers, and your personal data will also be transmitted to the following recipients, processors, for the purposes specified below:

NameRegistered officePurpose of data transmission or transfer
Google Cloud EMEA Limited70 Sir John Rogerson’s Quay, Dublin 2, IrelandFor the webshop and website, it provides us with hosting services.
BIG FISH Internet-technológiai Kft.H-1066 Budapest, Nyugati tér 1-2, HungaryOperates the webshop and website for us.
Opennetworks Kft.H-1125 Budapest, Kiss Áron u. 9., Hungary, Phone: +36-1-999-6000telephone service provider
Microsoft Ireland Operations LimitedOne Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Irelandproviding computer programs, mail system
ZeroTime Services Kft.H-2013 Pomáz, Mikszáth Kálmán u. 36/4., HungaryProvides hosting services for us for the archive data of the webshop and the website.
Color and Code Kft.H-3300 Eger, Fazola utca 6., HungaryProvides operational services for the archive data of the webshop and the website.

6.2. WEBSHOP CUSTOMER SERVICE, QUESTIONS

The controller in relation to the questions raised regarding the products and services available, or the orders placed in the webshop: ILCSI E-Commerce Ltd. 

For what purpose are your personal data processed?

For the purposes so that we can reply to the enquiries sent by you to the ugyfelszolgalat@ilcsi.com or customercare@ilcsi.com email address in relation to the webshop running on the website and the services thereof, as well as your questions sent regarding our products and services, your orders and the details thereof as well as to provide professional advice about products to you. Furthermore, so that you can send us messages, we can receive your messages, can reply to your question on the merits and, depending on the content of your enquiry, we can contact you in that regard. Please note that, when requesting information and/or contacting our company, you can freely decide about the categories of data you want to provide – certain data, e.g. your email address is necessary so that we can reply to your enquiry.

Data subjects: shall include the persons who have sent enquiries or questions in relation to the webshop through the above contact information to us.

Which of your personal data do we process:On what basis do we process these (legal bases):For how long do we process these data:

For enquiries by email:

·  email address

·  first name, surname

·  subject-matter and content of the enquiry

For enquiries by phone:

·  name

·  telephone number

·  subject-matter and content of the enquiry

Legitimate interest

(Article 6(1)(f) of the GDPR)

Our data processing is necessary so that we can reply to your enquiries and questions sent in connection with the services provided in the webshop, and can ensure that you can contact us. Our data processing is also necessary so that we can contact you. This data processing is necessary in the business, economic and financial interests of ILCSI E-Commerce Ltd., for realising the customer services envisaged by us, for enhancing our competitiveness, for ensuring and improving the high quality of our services, and so that we can effectively reply in respect of complex services. Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing our interests. In other way these data processing operations would not be possible or would be more disadvantageous.

 

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

 

Safeguards: We have restricted the scope of personal data to the strict minimum. Only a limited number of dedicated employees within our organisation have access to the personal data. The complete balancing test for customer service enquiries is available here.

Data are retained for 3 years from the completion or closure of the customer service process of the case – provided that there is no other legal ground for the processing.

If you have objected to data processing, data are processed until the assessment of such objection, except if there is a valid legal basis for further data processing.

You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data protection administrator.

What happens if you do not provide the data?

The provision of the data is a prerequisite of processing the enquiries. If you do not provide the data, we will not be able to process or answer your enquires and/or questions, or provide professional advice about the products, contact you or communicate with you.

The manner of erasing the data: The above data will be erased upon expiry of the specified time limit.

To whom we may transmit your data: Enquiries and/or questions are processed and answered by the dedicated employees within the organisation of ILCSI E-Commerce Ltd., and your personal data will also be transmitted to the following recipients, processors, for the purposes specified below:

NameRegistered officePurpose of data transmission or transfer
MiniCRM Zrt.H-1075 Budapest, Madách Imre út 13-14, HungaryProvision of customer management system.
Google Cloud EMEA Limited70 Sir John Rogerson’s Quay, Dublin 2, IrelandFor the webshop and website, it provides us with hosting services.
BIG FISH Internet-technológiai Kft.H-1066 Budapest, Nyugati tér 1-2, HungaryOperates the webshop and website for us.
Ilcsi Beautifying Herbs Organic Skin Care Ltd.

H-1021 Budapest, Üdülő út 37., Hungary

 

group of undertakings
Opennetworks Kft.

H-1125 Budapest, Kiss Áron u. 9., Hungary, Phone: +36-1-999-6000

telephone service provider
Microsoft Ireland Operations LimitedOne Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Irelandproviding computer programs, mail system
Color and Code Kft.

H-3300 Eger, Fazola utca 6., Hungary

Provides operational services for the archive data of the webshop and the website.

7.  COMPLAINT HANDLING

7.1.  COMPLAINT HANDLING IN CONNECTION WITH PURCHASES IN THE WEBSHOP

The controller in connection with the customer complaints received in relation to webshop purchases is: ILCSI E-Commerce Ltd.

For what purpose are your personal data processed?

We process your data so that we can handle and/or investigate the complaints and/or comments of customers or visitors in connection with the webshop and the products offered in the webshop. Furthermore, to identify and/or investigate the complaints relating to orders. Our data processing also serves the purpose to allow you to effectively enforce your consumer rights and/or for the purposes of the relating procedures. The data relating to your complaint are also processed with regard to using the dispute resolution proceedings before arbitration boards and online, and so that we can participate in such proceedings. If your complaint relates to one of our cosmetic products, we also process your data to be able to comply with the complaint handling provisions of the GMP (Good Manufacturing Practice) standards – in such a case, your complaint will be transferred to the product manufacturer within our company group (Ilcsi Beautifying Herbs Organic Skin Care Ltd.) to investigate the complaint.

Data subjects: include the persons who have submitted a complaint in relation to the purchase on the webshop to the controller or who are named in such a complaint.

Which of your personal data do we process:On what basis do we process these (legal bases):For how long do we process these data:

Data in the complaint report:

·      first name, surname

·      your address

·      place, date and means of submitting the complaint

·      detailed description of your complaint or entry

·      list of the documents, data attached to the complaint

·      place and date of drawing up the report

·      the unique ID of your complaint

·      your signature

 

The data in your complaint (email, phone):

·      the data provided by you in addition to the above in connection with your complaint

·      email address or telephone number

·      order number, if any

 

Compliance with a legal obligation

(Article 6(1)(c) of the GDPR)

Providing you with the possibility to submit complaints verbally or in writing under Section 17/A (2) and (7) of Act CLV of 1997 on Consumer Protection, which act also specifies the data to be recorded in the complaint report. Furthermore, our data processing is based on Section 29 (11) of Act CLV of 1997 on Consumer Protection regarding the mandatory participation of companies in the procedures of arbitration boards, and Regulation (EU) No 524/2013 of the European Parliament and of the Council on online dispute resolution for consumer disputes and amending Regulation (EC) No 2006/2004/EC and Directive 2009/22/EC regarding online dispute resolution.

 

Personal data in relation to complaint handling shall be retained for 3 years under Section 17/A (7) of Act CLV of 1997 on Consumer Protection.

 

If your complaint is related to a product, then, in addition:

(For reasons of GMP compliance):

·      complaint number

·      first name, surname

·      address

·      phone

·      name of the affected product

·      ID of the affected product

·      description of the complaint and/or non-compliance of the product

·      date

·      corrective action

·      responsible for introduction

·      deadline

·      fact of acceptance of corrective action

·      your signature

·      implementation of corrective action

Legitimate interest

(Article 6(1)(f) of the GDPR)

During the production, manufacturing and distribution of the ILCSI cosmetic products, the manufacturer, Ilcsi Beautifying Herbs Organic Skin Care Ltd., follows a Good Manufacturing Practice – GMP that is also governing within the company group. Compliance with the GMP standards ensures the safety, exceptional quality and high standards of the company group’s cosmetic products. Compliance with the GMP standards is also important so that the ILCSI cosmetic products comply with the provisions of Regulation (EC) No 1223/2009 on cosmetic products. The GMP rules also lay down obligations regarding product complaints and their handling, compliance with which serves the legitimate interests of the ILCSI company group, including ILCSI E-Commerce Ltd. and Ilcsi Beautifying Herbs Organic Skin Care Ltd.  Our data processing is necessary for compliance with the laws on cosmetic products and the GMP standards, for enhancing the safety of ILCSI products, and for enforcing our business and economic interests.

Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing our interests. In other way these data processing operations would not be possible or would be more disadvantageous.

 

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

 

Safeguards: The categories of data processed are determined by the ‘Complaint Form’ institutionalised by the GMP, and we request no other data in addition to that. Only a limited number of dedicated employees within our organisation have access to the personal data. The data remain within our company group, they are not transferred anywhere. The complete balancing test for product complaints is available here.

If your complaint relates to a product and our data processing is based on legitimate interest, we retain the personal data for 10 years. If you have objected to data processing, data are processed until the assessment of such objection; we only continue to process them if there is a valid legal basis for further data processing.

You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data protection administrator.

What happens if you do not provide the data?

If you submit a complaint, you determine which data you provide to us – providing the data is voluntary. The data to be included in the complaint report are specified by the consumer protection act. If you do not supply the relevant data to us, you may not be able to exercise your consumer’s rights, or at least not in a full scope, or we will not be able to contact you. This is because if data are missing, we will only be able to partially investigate and/or fulfil your complaint or not at all, and will not be able to effectively participate in arbitration or online dispute resolution. We already have the data of your orders; however, the provision of data can facilitate easier identification and faster administration. For the purposes of GMP compliance, if your complaint concerns a product, we will have the data for completing the GMP complaint form based on your complaint, in case you do not complete such form.

The manner of erasing the data: We will erase your personal data upon expiry of the above relevant deadlines.

To whom we may transmit your data: The dedicated employees of ILCSI E-Commerce Ltd. participate in complaint handling, and your data may be transferred (except in the case of GMP complaint handling) to the authorities with territorial and subject-matter competence, such as arbitration boards and consumer protection authorities. In the event of using the online dispute resolution platform, to the platform and the arbitration board proceeding in the case. Furthermore, the complaints may be transferred – depending on their content – to the attorney performing the legal representation of the ILCSI companies (Jambrik Law Firm, H-1095 Budapest, Boráros tér 7. 3. lph. 6/13, Hungary – purpose: legal representation). GMP complaints concerning the products are transferred within the company group to the manufacturer, Ilcsi Beautifying Herbs Organic Skin Care Ltd., for the investigation of complaints on the merits.

NameRegistered officePurpose of data transmission or transfer
Ilcsi Beautifying Herbs Organic Skin Care Ltd.H-1021 Budapest, Üdülő út 37, HungarySubstantial investigation of GMP product complaints, making of corrective decisions regarding the product. In this respect, this company shall qualify as an individual controller. It belongs to a group of undertakings.
MiniCRM Zrt.H-1075 Budapest, Madách Imre út 13-14, HungaryProvision of customer management system.
Opennetworks Kft.

H-1125 Budapest, Kiss Áron u. 9., Hungary, Phone: +36-1-999-6000

telephone service provider
Microsoft Ireland Operations Limited

One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland

providing computer programs, mail system

7.2.   COMPLAINT HANDLING IN CONNECTION WITH THE WEBSITE, PROFESSIONAL SERVICES, PRODUCTS 

The controller in respect of the complaints received regarding the services provided on the website and services provided to professional partners (beautician, beautician student) is: Ilcsi Beautifying Herbs Organic Skin Care Ltd. 

For what purpose are your personal data processed?

We process your data so that we can handle and/or investigate and answer the complaints and/or comments relating to our services and products. Furthermore, to identify and/or investigate the complaints relating to orders. Our data processing also serves the purpose to allow you to effectively enforce your consumer rights and/or for the purposes of the relating procedures. The data relating to your consumer complaint are also processed with regard to using the dispute resolution proceedings before arbitration boards and online, and so that we can participate in such proceedings. If your complaint relates to one of our cosmetic products, we also process your data to be able to comply with the complaint handling provisions of the GMP (Good Manufacturing Practice) standards.

Data subjects: include the persons who have submitted a complaint in connection with the website, professional services and products to the controller or are concerned by the complaint (in regard of the personal data of these persons, the source of the data is the person filing the complaint).  Regarding professional users, data subjects may include the natural persons representing them, who submit the complaint on the partner’s behalf.

Which of your personal data do we process:On what basis do we process these (legal bases):For how long do we process these data:

Data in the consumer complaint report:

·      first name, surname

·      your address

·      place, date and means of submitting the complaint

·      detailed description of your complaint or entry

·      list of the documents, data attached to the complaint

·      place and date of drawing up the report

·      the unique ID of your complaint

·      your signature

 

The data in your complaint (email, phone, online form):

·      the data provided by you in addition to the above in connection with your complaint

·      email address or telephone number

·      order number, if any

 

Compliance with a legal obligation

(Article 6(1)(c) of the GDPR)

 

Providing you with the possibility to submit complaints verbally or in writing under Section 17/A (2) and (7) of Act CLV of 1997 on Consumer Protection, which act also specifies the data to be recorded in the complaint report. Furthermore, our data processing is based on Section 29 (11) of Act CLV of 1997 on Consumer Protection regarding the mandatory participation of companies in the procedures of arbitration boards, and Regulation (EU) No 524/2013 of the European Parliament and of the Council on online dispute resolution for consumer disputes and amending Regulation (EC) No 2006/2004/EC and Directive 2009/22/EC regarding online dispute resolution.

 

Personal data in relation to consumer complaint handling shall be retained for 3 years under Section 17/A  (7) of Act CLV of 1997 on Consumer Protection.

 

If your complaint is related to a product (Product complaint), then, in addition:

(For reasons of GMP compliance):

·      complaint number

·      first name, surname

·      address

·      phone

·      name of the affected product

·      ID of the affected product

·      description of the complaint and/or non-compliance of the product

·      date

·      corrective action

·      responsible for introduction

·      deadline

·     fact of acceptance of corrective action

·      your signature

 

If you are a professional client and your complaint relates to a service:

 

·      your name and contact information (e.g. email address, telephone number, address)

·      your signature, if the complaint is submitted in hard copy

·      complaint content, name of the service concerned

Product complaint, other than by consumers

Legitimate interest

(Article 6(1)(f) of the GDPR)

 

During the production and manufacturing of cosmetic products, Ilcsi Beautifying Herbs Organic Skin Care Ltd. follows a Good Manufacturing Practice – GMP. Compliance with the GMP standards ensures the safety and high standards of our cosmetic products. Compliance with the GMP standards is also important so that our cosmetic products comply with the provisions of Regulation (EC) No 1223/2009 on cosmetic products. The GMP rules also lay down obligations for us regarding product complaints and their handling, compliance with which serves our legitimate interests. Our data processing relating to product complaints is necessary for compliance with the laws on cosmetic products and the GMP standards, enhancing the safety of our products, for product development, introducing new products and phasing out the old ones, ensuring the special excess safeguards regarding complaint handling as required by the GMP, for maintaining our business and economic interests and the good repute of our products, and also for enforcing our established manufacturing policy. In the case of all other complaints filed by professional customers, data processing is based on the legitimate interests of Ilcsi Beautifying Herbs Organic Skin Care Ltd., consisting in being able to investigate, answer and remedy the complaints of its customers, being able to provide high-quality services to its professional customers and establish long-term relationships with them. In the case of both product complaints and professional customer complaints, data are also processed so that we can provide substantiated answers to the complaints concerning products and services, and keep contact with you in connection with the complaint.

Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing our interests. In other way these data processing operations would not be possible or would be more disadvantageous.

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

 

Safeguards: In the case of product complaints, the categories of data processed are determined by the ‘Complaint Form’ institutionalised by the GMP, and we request no other data in addition to that. In the case of professional complaints, the content of your complaint determines which categories of data we process; in addition, we process your contact information for keeping contact with you, and your name and the data of the product/service for identification purposes. Only a limited number of dedicated employees within our organisation have access to the personal data. The data regarding product complaints remain within our company group; as a rule, they are not transferred anywhere. The complete balancing test for product complaints is available here.

If your complaint relates to a product and our data processing is based on legitimate interest, we retain the personal data for 10 years in accordance with the GMP standards. In the case of all other complaints by professional customers, the duration of data processing is 3 years. If you have objected to data processing, data are processed until the assessment of such objection; we only continue to process them if there is a valid legal basis for further data processing.

You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data protection administrator.

What happens if you do not provide the data?

If you submit a complaint, you determine which data you provide to us – providing the data is voluntary. The data to be included in the complaint report are specified by the consumer protection act. If you do not supply the relevant data to us, you may not be able to exercise your consumer’s rights, or at least not in a full scope, and we will not be able to contact you and communicate with you. This is because if data are missing, we will only be able to partially investigate and/or fulfil your complaint or not at all, and will not be able to effectively participate in arbitration or online dispute resolution. We already have the data of your orders; however, the provision of data can facilitate easier identification and faster administration.  For the purposes of GMP compliance, if your complaint concerns a product, we will have the data for completing the GMP complaint form based on your complaint.

The manner of erasing the data: We will erase your personal data upon expiry of the above relevant deadlines.

To whom we may transmit your data: The dedicated employees of Ilcsi Beautifying Herbs Organic Skin Care Ltd. participate in complaint handling, and your data may be transferred (except in the case of GMP complaint handling) to the authorities with territorial and subject-matter competence, such as arbitration boards and consumer protection authorities. In the event of using the online dispute resolution platform, to the platform and the arbitration board proceeding in the case. Furthermore, the complaints may be transferred – depending on their content – to the attorney performing our legal representation.

NameRegistered officePurpose of data transmission or transfer
ILCSI E-Commerce Ltd.H-1021 Budapest, Üdülő út 37, HungaryIt notifies the complainant based on the result of the GMP complaint – if such complaint has been filed in relation to purchases in the webshop – and implements the envisaged measure. It belongs to a group of undertakings.
Opennetworks Kft.H-1125 Budapest, Kiss Áron u. 9., Hungary, Phone: +36-1-999-6000telephone service provider
Microsoft Ireland Operations LimitedOne Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Irelandproviding computer programs, mail system

8. NEWSLETTER

8.1.  RETAIL NEWSLETTER

The controller in respect of the data relating to retail newsletters is: ILCSI E-Commerce Ltd.

For what purpose are your personal data processed?

If you are a retail user and has subscribed to our newsletter, we process your personal data so that we can send you newsletters, direct marketing messages by electronic means in connection with our novelties, products, discounts and promotions.

Data subjects: include the persons subscribing to the retail newsletter on the website.

Which of your personal data do we process:On what basis do we process these (legal bases):For how long do we process these data:

·  email address (for newsletter, electronic marketing message)

·  first name, surname

·  type of newsletter (beautician, student or retail)

·  in certain cases: your signature – if you subscribe to the newsletter other than online

Your consent.

(Article 6(1)(a) of the GDPR)

By checking the relevant checkbox, you consent to E-Commerce ILCSI E-Commerce Ltd.contacting you for its own marketing purposes and/or by way of its newsletter, contacting you with advertising and promotional offers in its own name and on behalf of its intra-group partner, Ilcsi Beautifying Herbs Organic Skin Care Ltd.

By checking the relevant checkbox, you consent to your specified personal data being transferred to our intra-group partner, Ilcsi Beautifying Herbs Organic Skin Care Ltd.

 

 You have the right to withdraw your consent and unsubscribe from the newsletter at any time. If the consent was given by a person under the age of 16 (or his/her legal representative on his/her behalf), the represented person may also withdraw his/her consent upon coming of legal age. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

As long as the newsletter or direct marketing service is provided, or until you (or the represented person, coming of legal age) request the erasure of data or unsubscribe from the newsletter, direct marketing or personalised offer service, provided there is no other legal ground for processing.

 

Please note that we will request data updates from you every 3 years. If you do not reply to our enquiry, we will delete you from the newsletter subscribers list.

What happens if you do not provide the data?

The provision of any data is voluntary; if you do not provide the relevant data to us, we will not be able to send you newsletters or offers. Your email address is necessary so that we can send you the message, your name for identification purposes and the newsletter type is necessary for us to know what type of newsletter you would like to receive from us. If you subscribe to our newsletter other than online, we will process your signature so that we can prove that you consented to the sending of the newsletter. The data of newsletter subscribers are processed in line with Section 6 (5) of Act XLVIII of 2008 on Business Advertising Activities.

The manner of erasing the data: You can unsubscribe from our newsletter any time and/or can express that you no longer want to receive messages regarding our news and novelties; you can do that via the relevant link in the newsletter, by clicking the ‘Unsubscribe from newsletter’ button on the website, or via one of the contact information in the ‘Controllers’ name and contact details’ chapter, or by notifying our data protection administrator of your decision to unsubscribe. In the event you request erasure, we will erase your relevant data upon processing the request. The withdrawal of consent shall not affect the lawfulness of processing performed before the withdrawal of such consent.

To whom we may transmit your data: We will transfer your data to the service provider participating in the compilation, sending and displaying of the newsletters. Otherwise, your data may only be accessed by the dedicated authorised employees within the internal organisation of E-Commerce ILCSI E-Commerce Ltd.Your personal data will be transmitted to the following processors, recipients, for the purposes specified below:

NameRegistered officePurpose of data transmission or transfer
Ilcsi Beautifying Herbs Organic Skin Care Ltd.H-1021 Budapest, Üdülő út 37, HungaryFor the purposes of promoting ILCSI products among retail users. It belongs to a group of undertakings.
The Rocket Science Group, LLCGeorgia, 675 Ponce De Leon Ave NE, Suit 5000, Atlanta, Georgia 30308, USAProvides services in connection with the compilation and sending of the newsletters.
Google Cloud EMEA Limited70 Sir John Rogerson’s Quay, Dublin 2, IrelandFor the webshop and website, it provides us with hosting services.
BIG FISH Internet-technológiai Kft.H-1066 Budapest, Nyugati tér 1-2, HungaryOperates the webshop and website for us.
Mailjet SASParis HQ, 4 rue Jules Lefebvre, 75009 Paris

Provides a service related to the compilation and distribution of the webshop's system messages and newsletters. https://www.mailjet.com/legal/privacy-policy/

 

MiniCRM Zrt.H-1075 Budapest, Madách Imre út 13-14, HungaryProvision of customer management system.

8.2.   PROFESSIONAL NEWSLETTER

The controller as regards the processing of data in relation to professional newsletters (content for beauticians and beautician students) is: Ilcsi Beautifying Herbs Organic Skin Care Ltd.

For what purpose are your personal data processed?

If you are a professional user and has subscribed to our newsletter, we process your personal data so that we can send you professional newsletters, direct marketing messages by electronic means in connection with our novelties, products, discounts and promotions, professional offers and services.

Data subjects: include the persons subscribing to the professional newsletter on the website.

Which of your personal data do we process:On what basis do we process these (legal bases):For how long do we process these data:

·  email address (for newsletter, electronic marketing message)

·  first name, surname

·  type of newsletter (beautician, student or retail)

·  in certain cases: your signature – if you subscribe to the newsletter other than online

·  customer card number

 

Your consent.

(Article 6(1)(a) of the GDPR)

By checking the relevant checkbox, you consent to Ilcsi Beautifying Herbs Organic Skin Care Ltd. contacting you for its own marketing purposes and/or by way of its newsletter, contacting you with advertising and promotional offers for professional partners in its own name. You have the right to withdraw your consent and/or unsubscribe from the newsletter at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

As long as the newsletter or direct marketing service is provided, or until you request the erasure of data or unsubscribe from the newsletter, direct marketing service, provided there is no other legal ground for processing.

 

Please note that we will request data updates from you every 3 years. If you do not reply to our enquiry, we will delete you from the newsletter subscribers list.

What happens if you do not provide the data?

The provision of any data is voluntary; if you do not provide the relevant data to us, we will not be able to send you newsletters or professional offers to your contact information. Your email address is necessary so that we can send you the message, your name for identification purposes and the newsletter type is necessary for us to know what type of newsletter you would like to receive from us. If you subscribe to our newsletter other than online, we will process your signature so that we can prove that you consented to the sending of the newsletter; and your customer card number to verify your eligibility for the professional newsletter. The data of newsletter subscribers are processed in line with Section 6 (5) of Act XLVIII of 2008 on Business Advertising Activities.

The manner of erasing the data: You can unsubscribe from our newsletter any time and/or can express that you no longer want to receive messages regarding our news and novelties; you can do that via the relevant link in the newsletter, by clicking the ‘Unsubscribe from newsletter’ button on the website, via one of the contact information in the ‘Controllers’ name and contact details’ chapter, or by notifying our data protection administrator of your decision to unsubscribe. In the event you request erasure, we will erase your relevant data upon processing the request. If you have a professional user account, you can also unsubscribe from the newsletter in your account. In the event you request erasure, we will erase your relevant data upon processing the request. The withdrawal of consent shall not affect the lawfulness of processing performed before the withdrawal of such consent.

To whom we may transmit your data: We will transfer your data to the service provider participating in the compilation, sending and displaying of the newsletters. Otherwise, your data may only be accessed by the dedicated authorised employees within the internal organisation of Ilcsi Beautifying Herbs Organic Skin Care Ltd.

NameRegistered officePurpose of data transmission or transfer
The Rocket Science Group, LLCGeorgia, 675 Ponce De Leon Ave NE, Suit 5000, Atlanta, Georgia 30308, USAProvides services in connection with the compilation and sending of the newsletters.
MiniCRM Zrt.H-1075 Budapest, Madách Imre út 13-14, HungaryProvision of customer management system.
Google Cloud EMEA Limited70 Sir John Rogerson’s Quay, Dublin 2, IrelandFor the webshop and website, it provides us with hosting services.
BIG FISH Internet-technológiai Kft.H-1066 Budapest, Nyugati tér 1-2, HungaryOperates the webshop and website for us.
Mailjet SASParis HQ, 4 rue Jules Lefebvre, 75009 Paris

Provides a service related to the compilation and distribution of the webshop's system messages and newsletters. https://www.mailjet.com/legal/privacy-policy/

 

ILCSI E-Commerce Ltd.

H-1021 Budapest, Üdülő út 37., Hungary

 

group of undertakings, administrative purposes as regards the processing of data in relation to professional newsletters
Ilcsi Beautifying Herbs Organic Skin Care Ltd.

H-1021 Budapest, Üdülő út 37., Hungary

 

group of undertakings, administrative purposes with regard to the data in relation to the professional webshop

9. DATA PROCESSING IN CONNECTION WITH TRAININGS AND EVENTS

The controller in connection with the data relating to trainings (including organisation, implementation) is: Ilcsi Beautifying Herbs Organic Skin Care Ltd. and ILCSI E-Commerce Ltd.

For what purpose are your personal data processed?

If you are our professional partner, we process your data so that you can participate at our trainings and you can complete the courses. Furthermore, so that we can certify that you have completed the trainings, and can issue a certificate to you.

Data subjects: include the professional users who have applied to our trainings.

Which of your personal data do we process:On what basis do we process these (legal bases):For how long do we process these data:

·       surname

·       first name

·       email address

·       phone number

·       address

·       billing data

·       means of payment

·       status of payment

·       name, location and date of training applied for

·       Data on the certificate: title and date of the training, your name (first name, surname)

Performance of the contract

Under Article 6(1)(b) of the GDPR

So that you can attend the training under the contract concluded with us, and we can certify the completion thereof by issuing you a certificate. 

 

We shall retain these data for 3 years following the termination of the contract.

 

What happens if you do not provide the data?

Providing the above personal data is a prerequisite for the conclusion and performance of a contract regarding your application and order; if you do not provide such data to us, you will not be able to attend the trainings, we will not be able to notify you in relation to the trainings (e.g. cancellation, new location), and we will not be able to certify your completion of the training by issuing you a certificate.

Manner of erasing the data: Data shall be erased upon expiry of the above retention period.

To whom we may transmit your data: Our dedicated staff member will proceed in connection with ensuring your participation in the trainings. In the internal organisation of the Controllers, access to your personal data is otherwise restricted to authorised and dedicated employees.

In connection with the performance of your contract, your personal data will also be transferred to the following recipients and processors, for the purposes indicated below:

NameRegistered officePurpose of data transmission or transfer
PROGEN Mérnöki Fejlesztő és Szolgáltató Korlátolt Felelősségű TársaságH-1118 Budapest, Homonna utca 8/A, HungaryOperator of the sERPa enterprise resource planning system.
Ilona Polyákné Gömöri, sole traderH-2011 Budakalász, Nárcisz u. 7., HungaryProvides bookkeeping services to us.
National Tax and Customs Administration, HungaryH-1054 Budapest, Széchenyi u. 2., HungaryElectronic reporting of data on issued invoices pursuant to Act CXXVII of 2007
Google Cloud EMEA Limited70 Sir John Rogerson’s Quay, Dublin 2, IrelandFor the webshop and website, it provides us with hosting services.
BIG FISH Internet-technológiai Kft.H-1066 Budapest, Nyugati tér 1-2, Hungary

Operates the webshop and website for us.

 

OTP Mobil Kft.H-1093 Budapest, Közraktár u. 30-32, HungaryProvides the online payment service and the management of online payment transactions. It has its own privacy notice regarding data processing.
OTP Bank Nyrt.H-1051 Budapest, Nádor u.16, HungaryFor payment services (the bank card data provided in the SimplePay system are also processed by OTP Bank Nyrt.). It has its own privacy notice regarding data processing.
Worldline SATour Voltaire, 1 Place des Degrés, CS 81162, 92059 Paris la Défense CedexIt provides us with online payment services, online payment processing. It has its own privacy policy on data processing. https://www.six-payment-services.com/hu/services/legal/privacy-statement.html
PayU S.A.Antala Staška 2027/77, 140 00 Praha 4It provides us with online payment services, online payment processing. It has its own privacy policy on data processing. https://hungary.payu.com/privacy-portal/
BIG FISH Payment Services Kft.H-1066 Budapest, Nyugati tér 1-2, HungaryEnables us to process online payments https://www.paymentgateway.hu/adatvedelem
Mailjet SASParis HQ, 4 rue Jules Lefebvre, 75009 ParisProvides a service related to the compilation and distribution of the webshop's system messages and newsletters. https://www.mailjet.com/legal/privacy-policy/

KBOSS.hu Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság

 

H-1031 Budapest, Záhony utca 7, Hungaryinvoicing
ZeroTime Services Kft.H-2013 Pomáz, Mikszáth Kálmán u. 36/4., HungaryProvides hosting services for us for the archive data of the webshop and the website.
Color and Code Kft.H-3300 Eger, Fazola utca 6., HungaryProvides operational services for the archive data of the webshop and the website.

Aut O’Mattic Ltd.

 

Business Centre, No.1 Lower Mayor Street, International Financial Services Centre, Dublin 1, IrelandProvides us with webshop programming services for the archive data of the webshop and the website.

Automattic Inc.

 

60 29th Street #343

San Francisco, CA 94110

USA

 Provides us with webshop programming services for the archive data of the webshop and the website.
Microsoft Ireland Operations LimitedOne Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Irelandproviding computer programs, mail system

10. DATA PROCESSING IN CONNECTION WITH CONFERENCES AND EVENTS

The controller regarding data processing in relation to events (in particular professional events, appearance): Ilcsi Beautifying Herbs Organic Skin Care Ltd.

For what purpose are your personal data processed?

So that we can ensure your participation in the events we organise free of charge or against payment. In the case of events organised by us, participation is conditional upon application if it is a free event, and upon the payment of the participation fee if there is such a fee. Our events are available for our professional partners.

Data subjects: include the persons who wish to participate and/or actually participate at our events.

Which of your personal data do we process:On what basis do we process these (legal bases):For how long do we process these data:

·       name (first name and surname)

·       email address

·       phone number

·       address

·       billing address

·       payment method

·       payment status

·       name, location and date of the event you have enrolled for

 

Performance of the contract

Under Article 6(1)(b) of the GDPR

For the purposes of participation at the event organised by Ilcsi Beautifying Herbs Organic Skin Care Ltd. 

We shall retain these data for 3 years following the termination of the contract.

What happens if you do not provide the data?

The provision of the data is a prerequisite for registration and participation in the event; if you do not provide the data to us, you will not be able to participate at the event. We ask for your name and contact information (email address, phone number) so that we can identify you and/or can provide you information in relation to the event.

Manner of erasing the data: Data shall be erased upon expiry of the above retention period.

To whom we may transmit your data and/or who may access your data: Your data processed within the framework of contractual performance may be transmitted – if a legal claim arises – to the attorney performing our legal representation (Jambrik Law Firm, H-1095 Budapest, Boráros tér 7. 3. lph. 6/13, Hungary – purpose: legal representation) and/or to the authorities with territorial and subject-matter competence. Your personal data may be accessed by the dedicated authorised staff members within the internal organisation of Ilcsi Beautifying Herbs Organic Skin Care Ltd. Certain data concerning you may be transferred to the member of the group of undertakings for administrative purposes:

ILCSI E-Commerce Ltd.

Registered office: H-1021 Budapest, Üdülő út 37., Hungary

 

or to the organiser of the event or conference or the person hosting the same, for the purpose of organising the conference or event. 

10.1.     RAFFLES OR PRIZE COMPETITIONS AT EVENTS

 

The controller regarding data processing in relation to events (in particular professional events, appearance), including data processing in relation to raffles or prize competitions: Ilcsi Beautifying Herbs Organic Skin Care Ltd.

 For what purpose are your personal data processed?

So as to ensure that you can participate at the raffles or prize competitions organised at our events.

Data subjects: include those who want to participate and/or actually participate at the raffles or prize competitions.

Which of your personal data do we process:On what basis do we process these (legal bases):For how long do we process these data:

·       name (first name and surname)

·       email address

 

Your consent.

Under Article 6(1)(a) of the GDPR

By checking the relevant checkbox, you consent to Ilcsi Beautifying Herbs Organic Skin Care Ltd. processing your personal data for the purpose of your participation at the raffle or prize competition.  You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Your data will be deleted after the drawing or prize competition.

 

What happens if you do not provide the data?

Providing the data shall be voluntary and is not a prerequisite for participating in the raffle or prize competition. You may decide to participate at the raffle or prize competition without providing us your personal data.

 Manner of erasing the data: Data shall be erased upon expiry of the above retention period.

To whom we may transmit your data and/or who may access your data: Your personal data may be accessed by dedicated employees of Ilcsi Beautifying Herbs Organic Skin Care Ltd. authorised to access your personal data within the internal organisation of the company. Certain data concerning you may be transferred to the member of the group of undertakings for administrative purposes:

ILCSI E-Commerce Ltd.

Registered office: H-1021 Budapest, Üdülő út 37., Hungary

 

11.     REPORTING ON EVENTS

 The controller with regard to data processing in relation to events (e.g. those organised by us or which we attend as an exhibitor) is: Ilcsi Beautifying Herbs Organic Skin Care Ltd.

 For what purpose are your personal data processed?

In connection with the events organised by us and/or which we attend e.g. as a partner or exhibitor, the purpose is to report on these events and/or to promote the event. Please note that certain events may also be covered by the media independently of us.

Data subjects: shall include the persons who may appear in the event records (as part of the crowd).

Which of your personal data do we process:On what basis do we process these (legal bases):For how long do we process these data:

·      in certain cases your image or voice that is not presented individually (photo, video and other recordings, your actions at the event)

Legitimate interest

(Article 6(1)(f) of the GDPR)

So that we can prepare non-individual image recordings about our events in line with the provisions of Section 2:48 (2) of Act V of 2013. The interest of Ilcsi Beautifying Herbs Organic Skin Care Ltd. consists in documenting its activities, promoting it and making it known to the public and potential partners, facilitating its successful operation and promoting its business interests, preparing PR and marketing materials, and using the records for marketing purposes. The data processing also serves the enforcement of our business interests and the improvement of our competitiveness and business reputation.  Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing our interests. There is no other way for us to carry out these data processing operations.

 

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

 

Safeguards: You will not be pictured on the recordings individually; and they are only prepared and used in a purpose-limited way, in relation to the event. The complete balancing test is available here.

 

The non-individual recordings will be processed until the assessment of your objection, except if our legitimate interests allow further processing or there is another legal basis for our data processing. We will review the necessity of data processing every 3 years.

You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data protection administrator.

What happens if you do not provide the data?

In the case of non-individual recordings, you do not need to provide data; by entering and attending the event, you make it possible for us to process your data. However, you can notify us (verbally at the event or through one of our contact details thereafter) if you object to the processing of the data.

Manner of erasing the data:

In the case of data processing for legitimate interests, data will be erased upon your objection where there is no other legal ground for the processing.

To whom we may transmit your data: To report on the event, your personal data may be published on the official social media platforms of ILCSI, e.g. Facebook, Instagram, Youtube, and so they may be available to the public. Please note that certain events may also be covered by the media; in such cases they act as independent controllers. Within the internal organisation of Ilcsi Beautifying Herbs Organic Skin Care Ltd., the authorised dedicated employees may access the data to the extent necessary for their work (such as for preparing PR materials). Certain data concerning you may be transferred to the member of the group of undertakings for administrative purposes:

ILCSI E-Commerce Ltd.

Registered office: H-1021 Budapest, Üdülő út 37., Hungary

 

12.     DISPLAY OF ‘ILCSI BEAUTY SALONS’ ON THE WEBSITE, PARTNER CARD, INDIVIDUAL ORDERS THROUGH BUSINESS PARTNER

 The controller in regard of data processing in relation to displaying the reference and priority beauty salons / branding partners on the website and individual orders, or data regarding the sales system is: Ilcsi Beautifying Herbs Organic Skin Care Ltd. and ILCSI E-Commerce Ltd.

For what purpose are your personal data processed?

If you are our partner as a reference or priority beauty salon or branding partner and the email address you provide to us contains personal data, we process the same in order to display your salon as a reference or priority beauty salon or branding partner on the website. Please note that in order to be displayed as a reference, priority or branding partner beauty salon on the website, it is not necessary for you to provide such an email address or other contact information that includes personal data; thus, for example, it is not required to contain your full name. In the event the contact information of the reference or priority beauty salon or branding partner under the ‘Beauty Salons’ menu on the website comes from a source other than you, then the source of the data is: the reference or priority beauty salon where you engage in your activity (in such a case, your personal data are processed in accordance with this Privacy Notice). Data subjects include the beauticians (sole traders, employees, under other work relationship) of the beauty salon displayed on the website.

We process your data in order to get data regarding the sales system and the operation of the sales system of the ILCSI branded products, and so we are able to investigate the fulfilment possibility of an individual order through our business partner (bigger quantity orders, orders violating the rules of sales system) based on storage capacity and rules of such system and provide information about the fulfilment of the order to our sales partner. Further we process some of your data in order to give feedback on your status and agreement of reference beautician or partner beautician to our sales partner for the purpose of creating, extending or renewing a partner card – if you have such a card – issued by our business partner. The source of such data is: Hair-line Kft. (H-2045 Törökbálint, Jázmin utca 1., Hungary, email: adatvedelem@hairline.hu).

Data subjects: include the ones placed individual orders and participants of the sales system.

Which of your personal data do we process:On what basis do we process these (legal bases):For how long do we process these data:

Regarding display on the website:

·       email address

·       surname

·       first name

·       phone number

·       salon’s name

·       salon’s address

·       website address

·       salon e-mail address

·       salon phone number

·       opening hours

·       salon equipment and services: e.g. air conditioning, hairdresser, pedicure-manicure, payment by card etc.

·       portrait of  beautician

Individual orders through business partner, data regarding sales system and partner card issued by business partner:

•           name of beautician

•           monthly turnover data of beauticians

•           monthly data of customer book

•           status and agreement of Ilcsi partner beautician

•           data of individual orders or orders in question  regarding breach of sales system rules such as: date of order, name and address of customer, name and quantity of the product ordered

•           authorisation to issue product recommendations

•           authorisation to issue coupons

Legitimate interest

(Article 6(1)(f) of the GDPR)

Our data processing is necessary so that our professional partners (reference and priority beauty salons or branding partners) can appear on the website. The opportunity to appear on the website is ensured for our partners who are reference beauty salons; such beauticians/beauty salons act for purposes which are within their trade or business. As a rule, we do not request personal data for such display; however, the email address provided by the beauty salon may contain personal data as the affected persons typically work as sole traders. The data processing is necessary for the operation of the sales system of the ILCSI branded products. This data processing also serves the business, economic and financial interests of the Controllers, the realisation of their envisaged business model – professional partnership – and/or the creation of close relationships with our professional partners. Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing our interests. There is no other way for us to carry out these data processing operations.

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

Safeguards: We limited the scope of personal data processed to the minimum. The complete balancing test is available here.

Legal basis for the processing of photographs containing the portraits displayed on the website:

Your consent

Article 6(1)(a) GDPR

By ticking the relevant box (checkbox), you consent, either in writing or electronically, to Ilcsi taking photographs of your image for illustrative purposes in the list of reference beauticions available on its website and to use and process them for the purpose of electronic display in the list of reference beauticians available on its website, to publish them as illustrations, to make them public. You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing performed before the withdrawal of such consent.

Personal data on the website are processed as long as the partnership with the beauty salon exists; upon termination, we will erase the data after 3 months. If you have objected to data processing, data are processed until the assessment of such objection, except if our legitimate interests allow for further processing or there is another legal ground for processing. If you withdraw your consent, we will delete your photo from the website.

 

Personal data regarding sales system, and data of individual orders are retained for 3 years following the acquisition of the data or the date of the order or will be processed until the assessment of your objection, except if our legitimate interests allow further processing or there is another valid legal basis for our data processing.

If you are an employee of, or are in another work-related relationship with, our partner that is a reference beauty salon or priority beauty salon, and the data came from a source other than you, then the source of the data is your employer or one of our beauty salon partners who has a legal relationship with you, or our business partner who issued your partner card or with whom (or whose partner) you placed the ad hoc order.  

Legitimate interest – in the interest of the reference beauty salon or priority beauty salon

(Article 6(1)(f) of the GDPR)

Our data processing is necessary so that our professional partners (reference and priority beauty salons) can appear on the website. This data processing serves the business and economic interests of the reference beauty salons and priority beauty salons, and that they can appear on the website so as to allow interested visitors to contact them. Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing the interests of a third party. There is no other way for us to carry out these data processing operations.

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

Safeguards: We limited the scope of personal data processed to the minimum. The complete balancing test is available here.

OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data protection administrator.

What happens if you do not provide the data?

Providing the above personal data on the website is your obligations under the partnership agreement; if you do not provide such data to us, you will not be able to appear on the website. You are not required to provide an email address that contains personal data. If the data were not provided by you, the source of the data is the reference or priority beauty salon employing you. The publication of photographic images of you is not a condition for your presence on the website, nor is it subject to any contractual obligation, and is therefore voluntary and subject to your consent.

Manner of erasing the data: Your above personal data will be erased after the deadline defined above.

To whom we may transmit your data:  Your data may be accessed by authorised employees within the Controllers’ organisation. Please note that your personal data included in the beauticians list on the website will be available to the public. Your data will be transferred to the following recipients and processors, for the purposes indicated below:

NameRegistered officePurpose of data transmission or transfer
Google Cloud EMEA Limited70 Sir John Rogerson’s Quay, Dublin 2, Ireland

For the webshop and website, it provides us with hosting services.

BIG FISH Internet-technológiai Kft.H-1066 Budapest, Nyugati tér 1-2, Hungary

Operates the webshop and the website for us.

Hair-Line Kft.H-2045 Törökbálint, Jázmin utca 1., Hungary

operation of the Hungarian sales system

photographer commissioned by us 

taking photographs for a website photo presentation

ZeroTime Services Kft.H-2013 Pomáz, Mikszáth Kálmán u. 36/4., Hungary

Provides hosting services for us for the archive data of the webshop and the website.

Color and Code Kft.H-3300 Eger, Fazola utca 6., Hungary

Provides operational services for the archive data of the webshop and the website.

Microsoft Ireland Operations LimitedOne Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland

providing computer programs, mail system

13. CUSTOMER SATISFACTION SURVEYS

In the case of purchases in the webshop, regarding the data relating to customer satisfaction surveys, the controller is: ILCSI E-Commerce Ltd.

Regarding the data relating to satisfaction surveys in connection with the services provided to professional partners, the controller is: Ilcsi Beautifying Herbs Organic Skin Care Ltd.

Please be informed that each of the above Controllers qualifies as an individual controller in terms of its data processing in relation to the above customer surveys.

For what purpose are your personal data processed?

So that the Controllers can receive feedback from their customers regarding their satisfaction with the purchased products and services, and what changes or modifications they would recommend. Furthermore, so that the Controllers can receive feedbacks and opinions that are important for its company group e.g. for the further development of products. Please note that the completion of the satisfaction surveys shall be voluntary.

Data subjects: include the persons who participate in the customer satisfaction surveys.

Which of your personal data do we process:On what basis do we process these (legal bases):For how long do we process these data:

·  first name, surname

·  for professional partners, the name of the beauty salon, if any

·  email address

·  opinions regarding our services, products; the content of such opinion

·  survey content

·  result of evaluation (anonymous)

Legitimate interest

(Article 6(1)(f) of the GDPR)

So that we can ensure the high quality and continuous renewal of our products and services for our customers and partners. Data processing also serves the Controllers’ business and economic interests, its interests in maintaining its competitiveness and developing its business, and increasing its business reputation. Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing our interests. There is no other way for us to carry out these data processing operations.

 

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

 

Safeguards: We limited the scope of personal data processed to the minimum. Only dedicated employees within the Controllers’ organisation have access to the personal data, to the extent necessary for performing their tasks. The data remain within our organisation and their results remain within our company group, they are not transferred anywhere. The complete balancing test for Ilcsi Beautifying Herbs Organic Skin Care Ltd. is available here and for ILCSI E-Commerce Ltd. here.

Regarding the personal data relating to customer satisfaction surveys (data serving as the basis for evaluation), data are processed for 3 years from the day following the closure of the given satisfaction campaign. If you have objected to data processing, data are processed until the assessment of such objection, except if our legitimate interests allow for further processing or there is another legal ground for processing.

OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may notify the given controller thereof via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data protection administrator.

What happens if you do not provide the data?

We already have the above personal data. Completing the survey shall be voluntary.

The manner of erasing the data: The above data will be erased upon expiry of the specified time limit.

To whom we may transmit your data: The data may be accessed by the authorised dedicated employees within the Controllers’ organisation, and the data may also be transferred to the following recipients, processors, for the following purposes:

NameRegistered officePurpose of data transmission or transfer
Google Cloud EMEA Limited70 Sir John Rogerson’s Quay, Dublin 2, IrelandFor the webshop and website, it provides us with hosting services.
BIG FISH Internet-technológiai Kft.H-1066 Budapest, Nyugati tér 1-2, HungaryOperates the webshop and website for us.
MiniCRM Zrt.H-1075 Budapest, Madách Imre út 13-14, HungaryProvision of customer management system.
Ilcsi Beautifying Herbs Organic Skin Care Ltd.

H-1021 Budapest, Üdülő út 37., Hungary

 

group of undertakings – for online shop purchases, data on customer satisfaction measurement

ZeroTime Services Kft.H-2013 Pomáz, Mikszáth Kálmán u. 36/4., Hungary

Provides hosting services for us for the archive data of the webshop and the website.

 

Color and Code Kft.H-3300 Eger, Fazola utca 6., Hungary

Provides operational services for the archive data of the webshop and the website.

ILCSI E-Commerce Ltd.

H-1021 Budapest, Üdülő út 37., Hungary

group of undertakings – for data on measuring satisfaction with the services provided to professional partners

14. STOCK MONITORING SERVICE

Regarding the data relating to the provision of the stock monitoring service (related to the webshop), the controller is: ILCSI E-Commerce Ltd.

For what purpose are your personal data processed?

So that we can send you a notification of product availability if it was out of stock. You may freely decide whether you want to be notified of product availability.

Data subjects: include the persons who use the stock monitoring service available on the website.

Which of your personal data do we process:On what basis do we process these (legal bases):For how long do we process these data:

·  email address

·  name of the product concerned

Legitimate interest

(Article 6(1)(f) of the GDPR)

So that we can ensure the high quality of our services, increase our customers’ satisfaction and enhance our relationships with customers.  Data processing also serves the business and economic interests of ILCSI E-Commerce Ltd., its interests in maintaining its competitiveness and developing its business, and increasing its business reputation. Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing our interests. There is no other way for us to carry out these data processing operations, also taking cost efficiency into account.

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

Safeguards: We limited the scope of personal data processed to the minimum. Only a limited number of dedicated employees within our organisation have access to the personal data, to the extent necessary for performing their tasks.

 The complete balancing test is available here.

Your data will be erased if the product has become available and you have been notified thereof. If you have objected to data processing, data are processed until the assessment of such objection.

OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data protection administrator.

What happens if you do not provide the data?

Providing the data shall be voluntary; if you do not provide your email address, we will not be able to notify you if the product is in stock.

The manner of erasing the data: The above data will be erased upon expiry of the specified time limit.

To whom we may transmit your data: The dedicated employees within the organisation of ILCSI E-Commerce Ltd. have access to the personal data. Your personal data will be transferred to the following recipients and processors, for the purposes indicated below, in order to provide this service:

NameRegistered officePurpose of data transmission or transfer
Google Cloud EMEA Limited70 Sir John Rogerson’s Quay, Dublin 2, IrelandFor the webshop and website, it provides us with hosting services.
BIG FISH Internet-technológiai Kft.H-1066 Budapest, Nyugati tér 1-2, HungaryOperates the webshop and website for us.
Mailjet SASParis HQ, 4 rue Jules Lefebvre, 75009 ParisProvides a service related to the compilation and distribution of the webshop's system messages and newsletters. https://www.mailjet.com/legal/privacy-policy/
ZeroTime Services Kft.H-2013 Pomáz, Mikszáth Kálmán u. 36/4., HungaryProvides hosting services for us for the archive data of the webshop and the website.
Color and Code Kft.H-3300 Eger, Fazola utca 6., HungaryProvides operational services for the archive data of the webshop and the website.
Ilcsi Beautifying Herbs Organic Skin Care Ltd.H-1021 Budapest, Üdülő út 37., Hungarygroup of undertakings

15.  DATA PROCESSING IN RELATION TO OUR SOCIAL MEDIA ACCOUNTS

With regard to data processing in relation to the official social media accounts (Instagram, Facebook, Youtube) of the company group, the controller is: Ilcsi Beautifying Herbs Organic Skin Care Ltd.

For what purpose are your personal data processed?

In order to operate the official social media platforms, so that we can customise our social media platforms according to customers’ demands. We process your data (as a data subject) on our social media platforms if you like or follow us, post comments or opinions or share something on our official social media platforms.

Please note that you have provided your data to the service provider operating the social media platform in question (e.g. Facebook, Instagram, Youtube), and not to us directly. Please note that the processing operations carried out by these social media sites is governed by their own privacy policies. Please remember that the contents posted on any of our official social media platforms may often be publicly available, and so be careful about what personal data you provide. Please also note that our data processing as specified in this Section applies to our official social media platforms – we have no impact on any other social media fan pages or platforms relating to the ILCSI products/brand etc.

Data subjects: users who use our social media platforms.

Which of your personal data do we process:On what basis do we process these (legal bases):For how long do we process these data:

·  your social media username

·  as the case may be: the personal data provided by you in your social media profile (name, nickname, photo etc.)

·  subject-matter and content of the opinion or comment

·  your opinion, comment or question on your social media page

·  your feedback on an event

·  the fact that you were interested in/ are going to/attended the event or cannot attend it

Legitimate interest

(Article 6(1)(f) of the GDPR)

So that we can ensure the high quality of our services and enhance our relationships with customers.  Data processing also serves the business and economic interests of Ilcsi Beautifying Herbs Organic Skin Care Ltd., its interests in maintaining and developing its competitiveness, and increasing its business reputation. Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing our interests. There is no other way for us to carry out these data processing operations.

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

Safeguards: We limited the scope of personal data processed to the minimum. Only a limited number of dedicated employees within the organisation of Ilcsi Beautifying Herbs Organic Skin Care Ltd. have access to the personal data. The complete balancing test is available here.

 

Until you unsubscribe, unfollow us and/or object to data processing.

OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data protection administrator.

What happens if you do not provide the data?

You may freely decide which data you provide on the given social media platform. We do not dispose over the data; you as the user of the given platform provide and dispose over the data. Providing the personal data is not essential for the use of the given social media platform. 

The manner of erasing the data: Ilcsi Beautifying Herbs Organic Skin Care Ltd. has no influence on the above data; you can modify and/or delete them in your social media profile.

To whom we may transmit your data: The data relating to your social media activity will become known to the social media platform provider (Facebook, Instagram, Youtube) as well. Social or other content sharing websites: Please note that such social media platforms are governed by their own privacy policies, and Ilcsi Beautifying Herbs Organic Skin Care Ltd. assumes no liability in connection with that.

Within the organisation of Ilcsi Beautifying Herbs Organic Skin Care Ltd., only dedicated employees have access to personal data. Certain of your data may be transferred to the member of the group of undertakings for administrative purposes:

ILCSI E-Commerce Ltd.

Registered office: H-1021 Budapest, Üdülő út 37., Hungary

 

16. ENQUIRIES RELATING TO PROCESSING

Regarding the enquiries relating to the data processing operations of Ilcsi Beautifying Herbs Organic Skin Care Ltd., the controller is: Ilcsi Beautifying Herbs Organic Skin Care Ltd.

Regarding the enquiries relating to the data processing operations of ILCSI E-Commerce Ltd., the controller is: ILCSI E-Commerce Ltd.

Please be informed that each of the above Controllers qualifies as an individual controller in terms of their processing operations relating to data processing enquiries.

For what purpose are your personal data processed?

So that the Controllers can provide you the opportunity – in a documented manner – to exercise your rights as described in the ‘Your rights and how to enforce them’ chapter. Furthermore, so that – as regards your rights – they can comply with the principle of accountability required from them under the GDPR. After the death of a person affected by the Controllers’ data processing – having regard to the authorisation of recital (27) in the GDPR – in order to ensure the possibility of enforcing rights related to personal data pursuant to Section 25 of the Privacy Act. You may freely decide which personal data you provide to us in your enquiry or while exercising your right; however, if data are missing, we may not be able to fulfil your enquiry or request. Data subjects include the persons sending enquiries in relation to our data processing.

Data subjects: are the users who send enquiries or comments regarding the Controllers’ processing operations or wish to exercise their rights as data subjects.

Which of your personal data do we process:On what basis do we process these (legal bases):For how long do we process these data:

·  data provided in the enquiry

·  name

·  e-mail address or other contact information

·  subject-matter and content of the request

·  in certain cases, signature

·  in the case of exercising rights relating to the data of deceased persons: name and contact information of the person entitled to exercise the rights, the necessary data of the death certificate or court decision, and the public document certifying identity and the close relative status and/or the fact of certifying the close relative status, any declaration or order made to the Controllers.

Legitimate interest

(Article 6(1)(f) of the GDPR)

The personal data are processed by the Controllers so that it can properly document any data processing enquiries and the measures taken upon them, can defend any legal claims and/or can prove their compliance with the GDPR and the data protection laws upon an authority’s inquiry. Furthermore, the Controllers’ legitimate interest is also in line with Article 5(2) of the GDPR (the principle of accountability) and documents compliance therewith under Article 12(1) of the GDPR, also having regard to Article 11 (Processing which does not require identification). Furthermore, data processing for this purpose also serves the enforcement of the Controllers’ business and economic interests and their legally compliant operation (Section 25 of the Privacy Act). Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing the Controllers’ interests. There is no other way to carry out these data processing operations.

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

Safeguards: We limited the scope of personal data processed to the minimum. Only a limited number of dedicated employees within the Controllers’ organisation have access to the personal data. The complete balancing test for Ilcsi Beautifying Herbs Organic Skin Care Ltd. is available here and for ILCSI E-Commerce Ltd. here.

 

Data will be retained for 18 months following the date of enquiry, so that we can prove that we have ensured your rights in accordance with the GDPR, and also for the resolution of any legal disputes. If a relevant proceeding has been initiated, we will process your personal data until closure of the proceeding.

If you have objected to data processing, data are processed until the assessment of such objection, except if our legitimate interests allow for further processing or there is another legal ground for processing.

 

 

 

OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data protection administrator.

What happens if you do not provide the data?

The provision of the data may be a prerequisite of processing your enquiry, and your name is necessary for identification. If you do not provide these, the Controllers may not be able to process your enquiry completely, or not at all. In the case of exercising the rights of the deceased person affected by data processing, the data (declaration made to the Controllers, death certificate, court decision, public deed certifying identity and/or the close relative status) are necessary under Section 25 (1) and (4) of the Privacy Act. Please note that when requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.

The manner of erasing the data: The above data will be erased upon expiry of the specified time limit.

To whom we may transmit your data: Your personal data may be accessed by the Controllers’ dedicated employees, and the data may be transferred to the competent authority or court, or to the Controllers’ legal representative (Jambrik Law Firm, H-1095 Budapest, Boráros tér 7. 3. lph. 6/13, Hungary – purpose: legal advisory).

Certain of your data may be transferred to the other member of the group of undertakings, other than the controller, for administrative purposes:

ILCSI E-Commerce Ltd. – with regard to the personal data processed by Ilcsi Beautifying Herbs Organic Skin Care Ltd.

Registered office: H-1021 Budapest, Üdülő út 37., Hungary

 

 
Ilcsi Beautifying Herbs Organic Skin Care Ltd. – with regard to the personal data processed by ILCSI E-Commerce Ltd.

Registered office: H-1021 Budapest, Üdülő út 37., Hungary

 

 
and to Microsoft Ireland Operations LimitedOne Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Irelandfor providing computer programs, mail system.

17.  FULFILMENT OF THE OBLIGATIONS IN RELATION TO PERSONAL DATA BREACHES

Regarding data processing by Ilcsi Beautifying Herbs Organic Skin Care Ltd. in relation to personal data breaches, the controller is: Ilcsi Beautifying Herbs Organic Skin Care Ltd.

Regarding data processing by ILCSI E-Commerce Ltd. in relation to personal data breaches, the controller is: ILCSI E-Commerce Ltd.

Please be informed that each of the above Controllers qualifies as an individual controller in terms of their processing operations relating to personal data breaches.

For what purpose are your personal data processed?

So that if necessary, the Controllers can notify you of any personal data breach, notify the data protection authority of such notification, and can document that such notification has been sent. The Controllers’ notification obligation on the personal data breach is based on Article 34 of the GDPR, according to which the Controllers shall communicate the personal data breach to the data subject when the personal data breach is likely to result in a high risk to his or her rights and freedoms and/or if the supervisory authority (NAIH – Hungarian National Authority for Data Protection and Freedom of Information) ordered the Controllers to do so. The notification shall not be required in the cases regulated in Article 34(3) of the GDPR. Furthermore, we also process your personal data you provide to us for this purpose, so that we can comply with our obligation to notify and document personal data breaches in accordance with Article 33(5) of the GDPR – the personal data breach records contain your data anonymously (e.g. the approximate number of data subjects, categories of data concerned). The official notification is made on the notification form provided by the authority.

Data subjects: are the users whose data were affected by the personal data breach detected at the Controllers.

Which of your personal data do we process:On what basis do we process these (legal bases):For how long do we process these data:

·  name

·  email address

·  content of the notification on the breach (in particular: the nature of the personal data breach, consequences, remedial actions taken)

·   

Legitimate interest

Under Article 6(1)(f) of the GDPR

Your personal data are processed by the Controllers so that they can fulfil their obligations in accordance with Article 33(5) (documentation of personal data breaches) and Article 34 (communication of a personal data breach to the data subject) of the GDPR, can properly document the same, can defend any legal claims and/or can prove their compliance with the GDPR and the data protection laws upon an authority’s inquiry. Furthermore, the Controllers’ legitimate interest is also in line with Article 5(2) of the GDPR (the principle of accountability) and, under Article 34 of the GDPR, it is mandatory for the Controllers in order to operate in compliance with the law. Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing the Controllers’ interests, and it also serves the interests of the data subjects, given that it is also necessary to protect their personal data. There is no other way to carry out these data processing operations.

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

Safeguards: We limited the scope of personal data processed to the minimum. Only a limited number of dedicated employees within the Controllers’ organisation have access to the personal data. The complete balancing test for Ilcsi Beautifying Herbs Organic Skin Care Ltd. is available here and for ILCSI E-Commerce Ltd. here.

Data will be retained for 18 months following the date of communication of the breach, so that we can prove that we have performed our obligations in accordance with the GDPR, and also for the resolution of any legal disputes. If a relevant proceeding has been initiated, we will process your personal data until closure of the proceeding. If you have objected to data processing, data are processed until the assessment of such objection, except if our legitimate interests allow for further processing or there is another legal ground for processing.

personal data breach records:

·    number of data subjects

·    the categories of personal data concerned

·    facts regarding the personal data breach

OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data protection administrator.

What happens if you do not provide the data?

There is no need to provide any data; we already have them.

The manner of erasing the data: The above data will be erased upon expiry of the specified time limit.

To whom we may transmit your data: Your personal data may be accessed by the dedicated employees within the Controllers’ organisation, and the data may be transferred to the supervisory authority (NAIH) and/or to the Controllers’ legal representative (Jambrik Law Firm, H-1095 Budapest, Boráros tér 7. 3. lph. 6/13, Hungary – purpose: legal representation) or to a consultant or a data processor involved in the handling of the incident. Certain of your data may be transferred to the other member of the group of undertakings, other than the controller, for administrative purposes:

ILCSI E-Commerce Ltd. – with regard to the personal data processed by Ilcsi Beautifying Herbs Organic Skin Care Ltd.

Registered office: H-1021 Budapest, Üdülő út 37., Hungary

 

 
Ilcsi Beautifying Herbs Organic Skin Care Ltd. – with regard to the personal data processed by ILCSI E-Commerce Ltd.

Registered office: H-1021 Budapest, Üdülő út 37., Hungary

 

 
and to Microsoft Ireland Operations LimitedOne Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Irelandfor providing computer programs, mail system.

19.  BROWSING, COOKIES

The controller in respect of the data processing in relation to the information society services provided on the website (including the webshop on the website) is: Ilcsi Beautifying Herbs Organic Skin Care Ltd. and ILCSI E-Commerce Ltd.

When you visit the website (including the webshop on the website), the website places cookies – short data files, strings – on your computer. If you want to avoid the application of cookies on your computer or other device used for browsing (e.g. mobile phone, tablet etc.) you have the opportunity to disable the cookies for example through the relevant settings of your browser. You can find general information about cookies below, and detailed information (what cookies we use, who provides them, for what purposes we use cookies and for how long they are processed) on the cookie management page.

What are cookies?

When you visit the websites (including the webshop on the website) of the controller, the website places cookies – short data files, strings – on your computer. The anonymous user identifier (cookie) is a unique series of signs – suitable for identification and the storage of profile information – that service providers store on your device. It is important to know that such a series of signs is not suitable in itself for identifying you, it can only identify your computer. In the world of internet networks, personal information and customised service can only be rendered if service providers can individually identify their customers’ habits and needs. Service providers use anonymous identification to learn more about their customers’ information usage habits, and so they can further ameliorate the quality of their services, and be able to offer customisation opportunities to the clients. Cookies facilitate the use of websites, assist website visitors in being able to properly use the website during browsing.

1. Google traffic cookies – used by Google for monitoring Google traffic

The websites use the Google Analytics system by Google Ireland Limited (‘Google’) to analyse website traffic. The Google Analytics system stores ‘cookies’ i.e. small text files on your device and uses them for analysing traffic at our website. Users who do not want Google Analytics to prepare a report on their visits can install the Google Analytics Opt-out browser add-on. This browser add-on instructs the scripts of Google Analytics JavaScript (ga.js, analytics.js, and dc.js) not to transfer any traffic information to Google. Furthermore, users installing the Opt-out browser add-on do not participate in content experiments either. To opt-out from web activities of Analytics on our websites, install: tools.google.com/dlpage/gaoptout

2.  Session cookies, deleted at the end of the session:

These cookies are essential for navigation on our websites, for the operation of key functions and the availability of protected contents. These cookies e.g. store the products selected by you in the webshop, and do not collect any information about you allowing your identification, which could be used for marketing purposes, or which would remember other websites visited by you. Upon closing the website, these cookies are automatically deleted and the session is closed.

3. Third party visitor behaviour cookie – Hotjar, Optimizely, Cookiebot

These cookies record how users use the website. The information recorded this way can be used to prepare statistics that can be used to further develop the website. For more information about the HotJar online behaviour analytics and feedback service, visit the provider’s website, and you can also opt out of the HotJar service here: https://www.hotjar.com/opt-out. For more information about the Optimizely online analytics service, visit the service provider’s website, and you can also opt out of the Optimizely service here: https://www.optimizely.com/about/. More information about Cookiebot is available here: https://www.cookiebot.com/. Facebook and Google also use third party cookies on our website, processing data for dynamic remarketing purposes.

4. Convenience cookies for statistical purposes

The cookies store the statistical data of your visits, so that we can improve our services.

For what purpose are your personal data processed?

To ensure the proper operation of the website, the proper display of contents, to properly design the user interface, to continuously develop the website to improve user experience, to identify you so that we can offer you content in the right language and to ensure data security. Furthermore, in order to identify the users’ browsing habits, as well as to prepare statistics relating to the website, and to collect anonymised personal data for statistical purposes.

The data subjects: include the visitors of the websites, social media sites of the Controllers.

Which of your personal data do we process:On what basis do we process these (legal bases):For how long do we process these data:

·     the IP address, MAC address of your device

·     type of operating system and browser

·     data of error messages

·     website activity data

 

Legitimate interest

(Article 6(1)(f) of the GDPR)

Regarding the cookies that are necessary for ensuring the proper operation and basic functions of the website for our users, e.g. navigation on the website, using the basket and ordering function in the webshop, the legitimate interest of the Controllers is to be able to operate their website and/or for the cookies to ensure the smooth operation of the webshop running on the website. Data processing also serves the purpose that we can ensure that the webshop running on the website can be visited and orders can be placed therein.  Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing our interests and the interests of third parties, and it also serves the interests of the data subjects, given that using the website would be impossible without the application of these cookies. There is no other way to carry out these data processing operations and the proper operation of the whole website.

 

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

 

Safeguards: The cookies only process a minimum of personal data, and the cookies we use mostly process data in an anonymised way. The complete balancing test is available here.

 

Cookies processed based on legitimate interest (for detailed information see the cookie management interface):

·       user-input cookies

·       authentication cookies

·       user centric security cookies

 

Information in the cookies is stored until the realisation of the purpose (expiry of their validity), in this regard, see the detailed information on the cookie management interface; or we process the data until you disable data processing.

·     the IP address, MAC address of your device

For third party cookies (Google Analytics) and/or anonymously:

·     the number of website visitors

·     referral site

·     the website pages visited, clicks within the website

 

Your consent.

(Under Article 6(1)(a) of the GDPR)

 

For remarketing cookies, cookies displaying advertisements or monitoring user behaviour, displaying general offers, and for statistical cookies, processing is based on your consent. Your identification based on your IP address to navigate you to the language site.

 

You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing performed before the withdrawal of such consent.

Information in the cookies is stored until the realisation of the purpose (expiry of their validity), in this regard, see the detailed information on the cookie management interface; or we process the data until you disable data processing.

OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data protection administrator.

What happens if you do not provide the data?

The data are not provided by you, instead we collect them about you, and the data are automatically logged by the system. Such information in itself is not suitable for personal identification, we do not merge these data with other personal data; we use the data for analysing trends, making statistics on the use of the site, administering the services, analysing and meeting users’ demands, all of which contribute to the development of the quality of our services and our website. The individual cookies are essential for the operation of the website.

The manner of erasing the data: Cookies are automatically deleted when their validity expires. If you wish to avoid that such identifiers be stored on your computer, you can select the relevant settings in your browser so that it does not permit the placement of unique identifiers or permits only certain of them – in such a case, however, you may not be able to access certain services or not in the form as if you had enabled the placement of identifiers. For the most popular browsers, you can disable the cookies here:

Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en-GB

Internet Explorer: https://support.microsoft.com/hu-hu/help/17442/windows-internet-explorer-delete-manage-cookies

Mozilla Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox

Microsoft Edge: https://support.microsoft.com/hu-hu/help/4027947/windows-delete-cookies

To whom we may transmit your data: Your personal data may be accessed by dedicated employees within the Controllers' organisation. You can find the third party cookie providers on the cookie management interface. In addition, the following persons contribute to making it possible to use, browse and display our website:

NameRegistered officePurpose of data transmission or transfer
Google Cloud EMEA Limited70 Sir John Rogerson’s Quay, Dublin 2, IrelandFor the webshop and website, it provides us with hosting services.
BIG FISH Internet-technológiai Kft.H-1066 Budapest, Nyugati tér 1-2, HungaryOperates the webshop and website for us.
Google Ireland LimitedGordon House, Barrow Street, Dublin 4, Írország.Provides web analytics services in relation to the website.
Optimizely Inc.631 Howard Street, Suite 100, San Francisco, CA 94105, USAProvides the cookie collecting visitors’ behaviours.
Usercentrics A/S

Havnegade 39

1058 Copenhagen, Denmark

Phone: + 45 50 333 777

E-mail: mail@usercentrics.com

Provides the cookie management interface for us.
ZeroTime Services Kft.H-2013 Pomáz, Mikszáth Kálmán u. 36/4., HungaryProvides hosting services for us for the archive data of the webshop and the website.
Color and Code Kft.H-3300 Eger, Fazola utca 6., HungaryProvides operational services for the archive data of the webshop and the website.
Microsoft Ireland Operations LimitedOne Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Irelandproviding computer programs, mail system

 

20. CONSULTATION, SERVICE DEVELOPMENT, QUALITY ASSURANCE

The controller in respect of the data relating to consultation is: Ilcsi Beautifying Herbs Organic Skin Care Ltd. and ILCSI E-Commerce Ltd.

Please note that the chat consultation is provided not by ILCSI, and ICSI is solely responsible for making available the chat platform. Consultation is provided by the beautician professional providing the answers, who qualifies as an individual controller. We recommend you seek information as to personal data processing by the beautician professional prior to using the service. The personal data collected in the context of the consultation will be processed independently by the Controllers for the following purposes:

For what purpose are your personal data processed?

Processing of data is carried out for the purposes of improving the products and services of the Controllers and quality assurance. In the course of the processing, the Controllers record and analyse the data provided in the context of the consultancy. The data of the conversation are stored and processed by the Controllers in such a way that they are not in themselves personally identifiable and are not linked to other personal data.

Data subjects: include the users initiating the consultation available on the website and/or participating in the same.

Which of your personal data do we process:On what basis do we process these (legal bases):For how long do we process these data:

·     data provided by you in the framework of consultation

·     offline when sending a request for advice in addition to the above: name and

email address

·     your IP address

·     if you want to continue the chat on Messenger, your Messenger contact details and username

Your consent.

(Article 6(1)(a) of the GDPR)

By checking the relevant checkbox, you expressly consent to the Controllers processing your personal data specified in this Section for the purposes of improving our products and services and for quality assurance. You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing performed before the withdrawal of such consent.

 

Based on your explicit consent,

(Article 9(2)(a) of the GDPR)

 

we process your data falling into special categories of personal data in case you provide such data and if such data are necessary for the consultation. Please note that we do not ask you to provide any special category of personal data.

 

By checking the relevant checkbox, you expressly consent to the Controllers processing your personal data specified in this Section for the purposes of improving our products and services and for quality assurance. You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing performed before the withdrawal of such consent.

 

We will process your personal data until the withdrawal of your consent – but for no longer than 1 year.

 

 

What happens if you do not provide the data?

Providing the above personal data shall be voluntary; if you do not provide such data to us, you will not be able to participate in the consultation service and we cannot analyse your data. Your name and email address will only be requested for contact purposes by the beautician professional providing the advice when there is no live chat on the website (chat indicates offline status). This way you can send your question to the beauty professional and he/she will answer it later by email. You only need to enter your Messenger details if you want to switch from the chat forum to Messenger and continue the conversation there.

Manner of erasing the data: We will erase your above personal data upon expiry of the above deadline.

To whom we may transmit your data:  Within the organisation of the Controllers, your data may be accessed by the authorised dedicated employees; your personal data may be transferred to the following processors, other recipients for the purposes specified below:

NameRegistered officePurpose of data transmission or transfer
Google Cloud EMEA Limited70 Sir John Rogerson’s Quay, Dublin 2, IrelandProvides web hosting services for us for the webshop and the website.
BIG FISH Internet-technológiai Kft.H-1066 Budapest, Nyugati tér 1-2, HungaryOperates the webshop and the website for us.
beautician professional providing the consultation

 

provides the consultation
Jivosite, Inc.

1811 Silverside Road, Wilmington, Delaware, 19810 (képviselője: Security Trend Ltd, UK, email: info@security-trend.co.uk)

service provider of chat program
ZeroTime Services Kft.

H-2013 Pomáz, Mikszáth Kálmán u. 36/4., Hungary

Provides hosting services for us for the archive data of the webshop and the website.
Color and Code Kft.

H-3300 Eger, Fazola utca 6., Hungary

Provides operational services for the archive data of the webshop and the website.

Aut O’Mattic Ltd.

 

Business Centre, No.1 Lower Mayor Street, International Financial Services Centre, Dublin 1, Ireland

Provides us with webshop programming services for the archive data of the webshop and the website.

Automattic Inc.

 

60 29th Street #343, San Francisco, CA 94110, USA Provides us with webshop programming services for the archive data of the webshop and the website.

21. CONTRACTUAL CONTACT PERSONS

The controller is the contracting company: Ilcsi Beautifying Herbs Organic Skin Care Ltd. or ILCSI E-Commerce Ltd.

 For what purpose are your personal data processed?

Processing of data is carried out in connection with the conclusion of a contract with us. During processing, the data of the natural persons included in the contract will be processed with the objectives of concluding and performing the contract, administration relating to the performance of the contract and for communication purposes.

Data subjects: Natural persons included in the contract.

Which of your personal data do we process:On what basis do we process these (legal bases):For how long do we process these data:

For company/organization contact persons or contractual partners who are private individuals:

·      first name and surname of contractual partner

·      address of contractual partner

·      contact details of contractual partner (e.g. email, telephone)

·      in certain cases, signature of contractual partner

·      name of company contact person

·      contact details of company contact person (e.g. email, telephone)

·      position of company contact person

 

For company/organization representatives:

Data included in public registers:

·      first name and surname

·      place of birth

·      home address

·      e-mail (company or as indicated in a public register)

·      mother’s name

·      tax identification number

·      manner of representation, effective date, duration and expiry of title

Contact data:

·      (workplace) phone number, e-mail

Other:

·      in certain cases, signature

 

For contractual partners who are sole traders:

Data included in public registers:

·     name

·     registration number

·     tax number

·     statistical code

·     date of registration

·     registered office (establishment)

·     activities

·     status (e.g. suspension and the starting date thereof)

·     sole trader ID data

Contact data:

·      (workplace) phone number, e-mail

Other:

·      in certain cases, signature

 

Source of data: Where we obtained such data from a source other than you, then the source of the data is our contractual partner who is your employer or partner under other legal relationship.

If you act (with right of sole or joint representation) on behalf of our contractual partner, or you are our contractual partner in your capacity as a sole trader, and the above data have been obtained by us from a source other than you or the contracting company, then the data are from a publicly available source, namely from the company or other public register.

For data processing related to the conclusion or performance of the contract:

 

Processing of the data of company/organization contact persons/representatives:

Legitimate interest

Under Article 6(1)(f) of the GDPR

The processing is necessary based on the legitimate interest of our contractual partner (who is your employer or contracted partner, or the company/organization you represent) and on our legitimate interest for concluding, performing the contract and communicating in relation to the contract and for contacting each other fast and interactive.

 

Considering your interests, rights and freedoms to freely dispose of your personal data, we have found that the enforcement of the legitimate interest of our contractual partner and our legitimate interest regarding the conclusion and faultless performance of the contract as well as the relating contact and communication overrides your right to dispose of your personal data. We have also found that the restriction is necessary and proportionate to the fulfilment of your job as an employee or your contractual obligations as a contracted partner, as applicable. We have chosen the measure entailing the least possible restriction, also considering cost-effectiveness. There is no other way for us to carry out these data processing operations.

 

Safeguards: The Controllers will process your data confidentially; only dedicated persons within their organisation may access the data.

Objection: You may object to data processing any time where such processing takes place on grounds of legitimate interests.

 

If the contracting party is a private individual or sole trader:

 

Performance of the contract

(Under Article 6(1)(b) of the GDPR)

Contract refers to a contract entered into by you with us for our services or by us for your services.

 

 

Processing starts when the first personal data are supplied to us during the negotiations prior to contract conclusion with a view to the successful conduct of contract negotiations. We will retain the data for 5 years following the date of contract termination (the end of the statute of limitations period under civil law) with a view to contract performance; upon expiry of such deadline, we review our data processing and the data will be erased if there is no other valid legal basis for the processing (e.g. in the case of accounting or tax obligations, we retain the data together with the relevant documents for the period specified by law for the purpose of complying with these obligations, see. Chapter PAYMENT AND INVOICING, ISSUE OF ACCOUNTING DOCUMENT).

 

If you have objected to the processing of personal data processed based on legitimate interest, data are processed until the assessment of such objection, except if there is a valid legal basis for further data processing.   

 

 

 

OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data protection administrator.

What happens if you do not provide the data? Please note that if you are our contracted partner in your capacity as a natural person or sole trader, the conclusion of the contract is conditional upon you providing the personal data, in the case of a sole trader, the data are also included in a public database. If our contractual partner is a company or organization represented by you, it shall be mandatory for contracting parties to provide their data regarding representation, as it is not possible to conclude the relevant contract in lack of such data; however, these data are also available from public databases. Under the relevant contract the contracting parties are also required to provide their respective contact persons’ data in order to facilitate contractual performance, keeping contact, assigning the tasks related to the contract; in lack of such data, performance of the contract may even become impossible. Providing the above personal data is not required by law.

Manner of erasing the data: We will erase your above personal data upon expiry of the above deadline if there is no other valid legal basis for further data processing.

To whom we may transmit your data:  Within the organisation of the Controllers your data may be accessed by the authorised dedicated employees; your personal data may be transferred to the following processors, other recipients for the purposes specified below:

NameRegistered officePurpose of data transmission or transfer
Microsoft Ireland Operations LimitedOne Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.providing computer programs
IT system administrator data security, computer system monitoring and error correction
Google Cloud EMEA Limited70 Sir John Rogerson’s Quay, Dublin 2, IrelandFor the webshop and website, it provides us with hosting services.
BIG FISH Internet-technológiai Kft.H-1066 Budapest, Nyugati tér 1-2, HungaryOperates the webshop and website for us.
lawyer, law firm reviewing and writing contracts and related materials
ILCSI E-Commerce Ltd. or Ilcsi Beautifying Herbs Organic Skin Care Ltd.

H-1021 Budapest, Üdülő út 37, Hungary

 

transfer of data for administrative purposes within the group of undertakings

 

Ilona Polyákné Gömöri sole trader

H-2011 Budakalász, Nárcisz u. 7, Hungary

accounting services where necessary to fulfil accounting obligations
ZeroTime Services Kft.

H-2013 Pomáz, Mikszáth Kálmán u. 36/4., Hungary

Provides hosting services for us for the archive data of the webshop and the website.

 

ACCESS TO DATA, DATA SECURITY MEASURES

The Controllers will do everything in their power to take care of the security of your personal data in compliance with Article 32 of the GDPR. In addition to that, the Controllers will take the technical and organisational measures and have in place the procedural rules as necessary to comply with the GDPR and other relevant data protection and confidentiality regulations.

The Controllers guarantee the appropriate level of data security in the following manner: your data are stored in a secure technical environment, they are accessible only by authorised persons (our staff members after appropriate identification), we use encryption for your electronically stored data, the natural persons with access to the personal data may process the personal data only in line with the Controllers’ instructions; we ensure that data integrity can be certified, we protect your data from unauthorised access and, with a view to that, we apply security measures, for data transfers we use encryption with an appropriate technical solution, and we test, evaluate and correct our security measures.  Personal data breach: If a breach takes place concerning your data, after becoming aware thereof, we will do everything in our power to mitigate the risks. If such an event takes place concerning your data which, in spite of the protection measures taken by the Controllers (or their processor), is likely to result in a high risk to your rights and freedoms, we will notify you and the competent supervisory authority thereof without delay (including any steps you can take).

DATA TRANSFER TO A THIRD COUNTRY

Personal data may only be transferred to a third country if the third country in question ensures an adequate level of protection. Such a transfer shall not require any specific authorisation.

Currently, the data are transferred to the following controllers and processors to the following third countries outside the EU, for the following purposes:

Processor’s name, registered office, countryAdequacy decision – under Article 45(1) of the GDPRPurpose of data transmission, transfer and processing
The Rocket Science Group LLC (registered office: Georgia, 675 Ponce De Leon Ave NE, Suit 5000, Atlanta, Georgia 30308, USA),Commission Implementing Decision (EU) 2016/1250 (USA - EU Privacy Shield List)In connection with sending newsletters and direct marketing messages.

Automattic Inc.

60 29th Street #343, San Francisco, CA 94110, USA

Commission Implementing Decision (EU) 2016/1250 (USA - EU Privacy Shield List) Provides us with webshop programming services for the archive data of the webshop and the website.

Optimizely Inc.

631 Howard Street, Suite 100, San Francisco, CA 94105, USA

Commission Implementing Decision (EU) 2016/1250 (USA - EU Privacy Shield List)Provides the cookie collecting visitors’ behaviours.
Jivosite, Inc. 1811 Silverside Road, Wilmington, Delaware, 19810 (representative: Security Trend Ltd, United Kingdom and Wales, email info@security-trend.co.uk)Commission Implementing Decision (EU) 2016/1250 (USA - EU Privacy Shield List)service provider of chat program

YOUR RIGHTS AND HOW TO ENFORCE THEM

You shall have the following rights in connection with your personal data processed by us:

1.        Right of access

2.        Right to rectification

3.        Right to erasure

4.        Right to restriction of processing

5.        Right to data portability

6.        Right to object

7.        Right to withdraw consent

8.        Exercise rights after death

1.        RIGHT OF ACCESS

You shall have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, about the following: what personal data are processed (in what categories), for what purpose, for how long, and the recipients of such data. Furthermore, you can to request information as to what rights you have in connection with processing i.e. that you may request the erasure, restriction of processing of personal data, the rectification of data, and may object to processing. Furthermore, you shall have the right to file a complaint with the supervisory authority (Hungarian National Authority for Data Protection and Freedom of Information, Nemzeti Adatvédelmi és Információszabadság Hatóság, registered office: H-1055 Budapest, Falk Miksa utca 9-11., website: www.naih.hu, phone number: +36 (1) 391-1400, email: ugyfelszolgalat@naih.hu). Where the personal data have not been collected from you, you may request information as to their source.

2.        RIGHT TO RECTIFICATION

You may request that your personal data be rectified, corrected or made accurate, if they have changed or have been wrongly recorded. If your data have been recorded incompletely, you may also request their completion by means of a supplementary statement.

3.        RIGHT TO ERASURE

You shall have the right to obtain the erasure of personal data concerning you where one of the following grounds applies:

-          the personal data are no longer necessary in relation to the purposes for which we have collected or processed them

-          you withdraw consent on which the processing is based, and there is no other legal ground for the processing

-          you object to the processing and there are no overriding legitimate grounds for the processing

-          we have processed the personal data unlawfully

-          the data have to be erased for compliance with a legal obligation

-          in relation to services directly offered to children.

Where we have made the personal data public, we shall take reasonable steps to inform controllers which are processing the personal that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data. Please note that we will not be able to fulfil your erasure request if the data are necessary for the establishment, exercise or defence of legal claims; the erasure would restrict the exercising of the right of freedom of expression and information; or if a legal obligation applicable to us (or purposes in the public interest, scientific or historical research purposes or statistical purposes) requires us to act contrary to the request.

4.        RIGHT TO RESTRICTION OF PROCESSING

You shall have the right to obtain from us restriction of processing where one of the following applies:

-          you do not think that the personal data are accurate; in such a case restriction applies to a period enabling us to verify the accuracy of the personal data

-          the processing is unlawful but you oppose the erasure of the personal data and request the restriction of their use instead

-          we no longer need the personal data, but they are required by you for the establishment, exercise or defence of legal claims

-          you object to processing, in such a case restriction applies pending the verification whether our legitimate grounds override your legitimate grounds

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. We shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We shall inform you about those recipients if you request it.

5.        RIGHT TO DATA PORTABILITY

You shall have the right to receive the personal data we process concerning you, and have the right to transmit (or have us transmit upon your instruction) those data to another controller specified by you, if processing is based on your consent or the performance of a contract, and is carried out by automated means. Portability shall be without prejudice to the rights and freedoms of others, and to the right of erasure (right to be forgotten).

6.        RIGHT TO OBJECT

You shall have the right to separately object to processing of personal data concerning you which is based on the Controllers’ legitimate interest, public interest, or is carried out in the exercise of official authority, including profiling. Please note that we perform profiling according to “Profiling” section of this Privacy Notice.  In such cases we shall no longer process your personal data unless processing is justified by compelling legitimate grounds which override your interests, rights and freedoms or are necessary for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. After such objection, we may no longer process the data.

7.        RIGHT TO WITHDRAW CONSENT

You shall have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

8.       ENFORCEMENT OF RIGHTS RELATING TO PERSONAL DATA AFTER THE DATA SUBJECT'S DEATH

Pursuant to the Hungarian Privacy Act: Within five years of the death of the data subject, the following rights may be enforced in relation to the data of the deceased person by a person authorised to do so by the data subject in the form of an administrative disposal or a declaration made at the Controllers and incorporated in a public deed or a private deed of full probative value: right of access, rectification, erasure, restriction and objection. If the data subject has made more than one declaration, the declaration of the later date may be used to enforce the rights. If the data subject has not made an administrative disposal or a declaration at the Controllers, his or her close relative according to the Civil Code first contacting the Controllers may demand rectification or object to processing, and – if the processing had already been unlawful in the life of the data subject or if the purpose of processing terminated upon the death of the data subject – demand erasure or the restriction of processing of the deceased person’s data within five years of the death of the data subject. Upon request, the Controllers shall inform the data subject’s close relative on the measures taken, unless the data subject had prohibited it.

The person enforcing the data subject’s rights shall verify the fact and the date of the data subject’s death with a death certificate or with a court decision, as well as his own personal identification, together with his status as a close relative, with a public deed, in accordance with the law.

The following means of legal enforcement and remedies are available to you in connection with our processing of your personal data:

1.        You may contact us

2.        You may enforce your right to file a complaint

3.        You may turn to court

4.        You may demand compensation

 

1.     You may contact us

If you have a complaint in relation to data processing or wish to exercise your rights, you can use our following contact information for that purpose:

Email: adatvedelem@ilcsi.com

Mailing address: H-1021 Budapest, Üdülő út 37., Hungary.

We shall inform you without undue delay and at the latest within one month of receipt of the request of any measures taken further to your request, or of the reasons for not taking action. That period may be extended by two further months if the request is complex or a high number of requests is received. We will provide the information by electronic means where possible. Information and any actions taken shall be provided free of charge, unless the requests are manifestly unfounded or excessive, in particular because of their repetitive character. In such cases we may charge a reasonable fee or refuse to act on the request. We may request the provision of information necessary to confirm your identity in connection with the request. A copy of your personal data processed by us may also be requested free of charge for the first time; for any further copies, we shall charge a fee corresponding to administrative costs.

2.        Right to lodge complaints

If you believe that our data processing does not comply with the law, you may lodge a complaint to the supervisory authority; you can also lodge a complaint to the supervisory authority if we fail to act upon your request without delay but within no more than a month of receipt of the request and/or we fail to notify you of the reason of the delay. The main supervisory authority of the Controllers’ headquarters in Hungary is the Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság), with its registered office at: H-1055 Budapest, Falk Miksa utca 9-11., website: www.naih.hu, phone number: +36 (1) 391-1400, email: ugyfelszolgalat@naih.hu.

3.        Right to turn to court

You have the right to turn to court: (i) against the binding decision passed by the supervisory authority concerning you, (ii) if we fail to act upon your request without delay but within no more than a month of receipt of the request and/or we fail to notify you of the reason of the delay, (iii) if the supervisory authority neglects your complaint, has rejected your complaint although you think it was justified, or completely fails to notify you of the developments and results regarding your complaint within three (3) months, (iv) without prejudice to your right to complaint, you may turn to court if you believe that your rights under the GDPR have been violated as the processing of your data did not comply with the GDPR. Proceedings against a Controllers shall be brought before the courts of the Member State where the Controllers have an establishment (Hungary). Alternatively, such proceedings may be brought before the courts of the Member State where you have your habitual residence. 

4.        Right to compensation

If you have suffered material or non-material damage (grievance award) as a result of violation of the GDPR, you are entitled to compensation from the Controllers or the processor for any damage suffered. We shall be exempt from liability if we prove that we are not in any way responsible for the event giving rise to the damage.

LEGAL BACKGROUND FOR PROCESSING

The Controllers process your personal data under the following laws:

1.        REGULATION (EU) 2016/679 of the EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (‘GDPR’)

2.        Hungarian law: Act CXII of 2011 on Informational Self-Determination and Freedom of Information (‘Privacy Act’)

3.        Hungarian law: Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Business Advertising Activities (‘Business Advertising Act’)

4.        Hungarian law: Act V of 2013 on the Civil Code of Hungary (‘Civil Code’)

GOVERNING LAW AND OTHER PROVISIONS

This Privacy Notice shall be governed by the laws of Hungary.

Should the laws in effect in your country impose rules on the parties which are more stringent than those in this Privacy Notice, you shall be obliged to comply with those more stringent rules. You, however, acknowledge and accept that the Controllers’ liability is based on the laws governing this Privacy Notice, and that, to the greatest extent permissible under the relevant laws and court decisions, it excludes its liability for not complying with the provisions applicable in the user’s country.

The headings herein are for convenience only; in themselves they are not sufficient to understand the details of processing. Should you have any questions not clearly answered in this Privacy Notice, please feel free to notify us thereof via the adatvedelem@ilcsi.com email address.

Ilcsi Beautifying Herbs Organic Skin Care Ltd. / ILCSI E-Commerce Ltd. / Jambrik Law Firm