Effective as of 17 May 2023
Click here to download, print and view the Contract. (link)
ILCSI is committed to protecting and safeguarding your personal data, and issues this Notice to provide information on the processing of your personal data. This Privacy Notice provides a summary of what personal data are processed and used by Ilcsi Beautifying Herbs Organic Skin Care Ltd. (Ilcsi SZÉPÍTŐ FÜVEK Biokozmetikai KFT) and/or ILCSI E-Commerce Ltd. (ILCSI E-kereskedelmi Kft.) as individual controllers (each a Controller, jointly ‘ILCSI’ or ‘Controllers’), and how; and how the Controllers protect such data in relation to your browsing of the website, purchases in the webshop and/or in an Ilcsi Beauty Salon store and the use of other services provided to you.
Furthermore, this Privacy Notice shall also apply to data processing in connection with the official Ilcsi Facebook, Instagram, Youtube social media platforms (www.hu-hu.facebook.com/ilcsibeautifyingherbshungary, www.instagram.com/ilcsi_official/?hl=hu, https://www.youtube.com/user/IlcsiOrganicSkincare).
What are personal data? Personal data means any information or partial information relating to you as a natural person, on the basis of which you can be directly (e.g. based on your name) or indirectly (e.g. through a personal unique identifier) identified. Your personal data include details such as: your first name and surname, home address, email address or phone number.
This Privacy Notice is provided pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).
Click here to jump directly to the following topics:
CONTROLLERS’ NAME AND CONTACT DETAILS
DATA PROTECTION ADMINISTRATOR’S NAME AND CONTACT DETAILS
IF YOU ARE UNDER 18 YEARS OLD – INFORMATION FOR THOSE UNDER 18
PROVISION OF A USER ACCOUNT, LOGIN TO THE USER ACCOUNT
PURCHASING PRODUCTS IN THE WEBSHOP
PLACING ORDERS OR SUBMITTING APPLICATIONS ON THE PROFESSIONAL PLATFORM OF THE WEBSITE
PAYMENT AND INVOICING, ISSUE OF ACCOUNTING DOCUMENT
CUSTOMER SERVICE, QUESTIONS RELATING TO THE PRODUCTS
DATA PROCESSING IN CONNECTION WITH TRAININGS AND EVENTS
DATA PROCESSING IN CONNECTION WITH CONFERENCES AND EVENTS
DISPLAY OF ‘ILCSI BEAUTY SALONS’ ON THE WEBSITE
DATA PROCESSING IN RELATION TO OUR SOCIAL MEDIA ACCOUNTS
ENQUIRIES RELATING TO OUR PROCESSING OPERATIONS
FULFILMENT OF THE OBLIGATIONS IN RELATION TO PERSONAL DATA BREACHES
CONSULTATION, SERVICE DEVELOPMENT, QUALITY ASSURANCE
ACCESS TO DATA, DATA SECURITY MEASURES
CONTROLLERS’ NAME AND CONTACT DETAILS
Ilcsi Beautifying Herbs Organic Skin Care Ltd. (Ilcsi SZÉPÍTŐ FÜVEK Biokozmetikai KFT)
Registered office: H-1021 Budapest, Üdülő út 37, Hungary
Other registered place of business: H-1021 Budapest, Üdülő út 35. B. ép., Hungary
Company registration number: 01-09-698591
Tax number: 12688470-2-41
Intra-Community VAT: HU12688470
Registered and kept on record by: Company Registry Court of Budapest-Capital Regional Court (Hungary)
Email: info@ilcsi.com;
Website: www.ilcsi.com;
Social media platforms: www.hu-hu.facebook.com/ilcsibeautifyingherbshungary/ , www.instagram.com/ilcsi_official/?hl=hu, https://www.youtube.com/user/IlcsiOrganicSkincare.
ILCSI E-Commerce Ltd. (ILCSI E-kereskedelmi Kft.)
Registered office: H-1021 Budapest, Üdülő út 37, Hungary
Other registered place of business: H-1012 Budapest, Attila út 79. al. 1-3, Hungary
Company registration number: 01-09-288142
Tax number: 25770171-2-41
Intra-Community VAT: HU25770171
Registered and kept on record by: Company Registry Court of Budapest-Capital Regional Court (Hungary)
Email: in Hungarian: ugyfelszolgalat@ilcsi.com; in English: customercare@ilcsi.com
Please note that the above specified Controllers (Ilcsi Beautifying Herbs Organic Skin Care Ltd. and ILCSI E-Commerce Ltd.) form a group of undertakings, and so they may transmit certain personal data to each other for administrative purposes.
Please note that, for ease of comprehension, the identity of the controller acting as primary controller – i.e. the controller determining the purposes and means of processing, or being responsible for informing you and for answering your data processing enquiries – is also specifically indicated in the case of each data processing operation. If not otherwise specified in this Privacy Notice, the information shall apply regarding both companies. Where the Privacy Notice mentions a company group, this shall include the following companies: Ilcsi Beautifying Herbs Organic Skin Care Ltd. and ILCSI E-Commerce Ltd.
Regarding certain data processing operations, they jointly determine the purposes and means of processing. The essential provisions of the contract concluded between them can be summarised as follows: Both controllers process your data. The controller indicated at the specific processing operations is responsible for providing the information mentioned in Articles 13 and 14 of the GDPR. The controller indicated at the specific processing operations is responsible for responding to your enquiries sent regarding that specific processing operation. However, you may exercise your rights pursuant to the GDPR in respect of both controllers via the adatvedelem@ilcsi.com email address or the contact information indicated above. In respect of any damage caused by data processing, the above Controllers shall have joint and several liability for the entire damage to provide actual compensation.
Name, address and contact details of the hosting service provider: Google Cloud EMEA Limited (70 Sir John Rogerson’s Quay, Dublin 2, Ireland) https://cloud.google.com/ https://cloud.google.com/contact
DATA PROTECTION ADMINISTRATOR’S NAME AND CONTACT DETAILS
In accordance with the provisions of the GDPR, the Controllers did not appoint a Data Protection Officer. However, if you have any question or comment in relation to the data processing operations of either company or wish to exercise your rights, you can do so at the following e-mail address:
e-mail: adatvedelem@ilcsi.com, or
by a postal letter to Ilcsi SZÉPÍTŐ FÜVEK Biokozmetikai KFT to H-1021 Budapest, Üdülő út 37., Hungary or ILCSI E-kereskedelmi Kft. to H-1021 Budapest, Üdülő út 37., Hungary.
AMENDMENT OF THE PRIVACY NOTICE
Ilcsi Beautifying Herbs Organic Skin Care Ltd. and ILCSI E-Commerce Ltd. reserve the right to unilaterally amend this Privacy Notice. If this Privacy Notice is amended, this fact will be specifically highlighted on the website. Any amendment to this Privacy Notice shall be effective as of the date of its publication on the website.
IF YOU ARE UNDER 18 YEARS OLD – INFORMATION FOR THOSE UNDER 18
Please note that you can only register on the website and/or create a retail or professional (beautician or beautician student) user account or purchase in the webshop individually if you are over 18 years. If you are under 18 years, ask one of your parents to help you use the website. If you are under 16 years old, then, before agreeing to cookies or subscribing to the newsletter, ask your parent to help you use these platforms and complete these platforms with the requested data together.
For parents: The website offers various services. Persons under the age of 18 may not register individually on the website or order products or services in the webshop. Therefore, in the case of underaged children below the age of 18, we request parents to place the order for their children. Furthermore, this section also applies to those who are under the charge of a guardian and have fully or partially limited capacity. Persons over the age of 16 can subscribe to newsletter and agree to the use of cookies, therefore, in the case of underaged children below the age of 16, we request parents to consent to the above on behalf of their children and, if possible, provide the requested data together.
THE CATEGORIES OF PERSONAL DATA PROCESSED; THE PURPOSE AND DURATION OF, AND THE LEGAL BASIS FOR PROCESSING
In the following, you can find a summary table regarding the processing of your personal data, which provides important information on what personal data are collected for what purposes and by which controller in connection with a given operation, what is the legal basis of data processing, and for how long are your personal data stored.
Please be informed that in certain cases the Controllers also use processors under contract during their activities; such recipients are bound by secrecy and data protection obligations. The personal data may also be disclosed to further recipients, such as e.g. in the case of enforcement of your legal claims, to the court, consumer protection authority and arbitration board having subject-matter and territorial competence for the case. Personal data may also be disclosed upon request by a public authority, court or other authority. For the ease of comprehension, the processors and recipients to whom your data are transmitted, along with the purpose of transmission, are specifically identified for each data processing operation.
Pursuant to Section 5 (5) of the Privacy Act, we shall review the necessity of mandatory data processing cases based on a legal obligation every 3 years if the relevant law does not specify the duration of processing or a different period of review. In accordance with the same legal provision, we shall retain the documentation on the circumstances and results of the review for ten (10) years following such review.
1. REGISTRATION
1.1. REGISTRATION FOR RETAIL USERS
The controller in respect of the data relating to retail user registration: ILCSI E-Commerce Ltd.
For what purpose are your personal data processed?
So that you can register as a retail user on the website, and can create a retail user account in the framework of your registration e.g. for purchasing products more easily. Please note that registration is not necessary for webshop purchases; you may freely decide whether you want to register for your purchase and/or to create a user account within the framework of registration to facilitate your future purchases.
Data subjects: include the retail users who wish to create a retail user account on the website.
What happens if you do not provide the data?
Providing the above personal data shall be voluntary; if you do not provide such data to us, you will not be able to register and create a retail user account. Your email address for the confirmation of your registration, while the password serves to ensure your subsequent secure login to your user account. Your name helps us to identify you. When registering with a social media profile, your profile details are used to identify you. Optional information is required to use the convenience features available with your registration, if you provide it, you will be able to use certain convenience features (e.g. birthday greetings, skin type recommendations).
Manner of erasing the data: We will erase your above personal data following withdrawal of your consent. Please note that in order to protect our users’ data and to ensure the accuracy of the data, we review our data processing every 3 years, including performing data update; in the framework of that, you may state whether you want to maintain your registration.
To whom we may transmit your data: Within the organisation of ILCSI E-Commerce Ltd., your data may be accessed by the authorised dedicated employees; your personal data may be transferred to the following processors, for the purposes specified below:
1.2. REGISTRATION FOR PROFESSIONAL USERS – BEAUTICIANS AND BEAUTICIAN STUDENTS
The controller in respect of the data relating to professional user registration: ILCSI E-Commerce Ltd.
For what purpose are your personal data processed?
So that you can register as a professional partner (as a beautician, beautician student or resale partner) on the website if you are one of our partners in your capacity as a beautician or beautician student. Within the framework of professional registration, you receive access to the services offered to our beauticians on our website. Please note that we will verify your eligibility for registration for the professional platform and it will only become active after approval.
Data subjects: include the professional users who wish to create a professional user account on the website.
What happens if you do not provide the data?
Providing the above personal data shall be voluntary; if you do not provide such data to us, you will not be able to register as a professional user. Your first name, surname, entrepreneur name and tax number are necessary for your identification, your phone number for keeping contact, your email address for the confirmation of your registration, while the username and the password serves to ensure your subsequent secure login to your user account. In case of a beautician registration your customer card number and data of the cosmetic salon are necessary in order to verify your eligibility to register for the professional user platform on the Hungarian website; the same purpose is served by business or student status data for non-Hungarian registrations. We kindly ask you to hide any information on the uploaded copy of your diploma that is not relevant for registration. Necessary data of the diploma are: cosmetology qualification, beautician’s name and qualification, certificate number . Please mask on the uploaded copy of the diploma the data that are not relevant for the approval of the registration; the relevant data include: name of the beautician, fact of beautician qualification, certificate number. The optional data are necessary to use the convenience features available with your registration, if you provide them you will be able to use certain convenience features (e.g. birthday greetings, recommendations for skin type).
Manner of erasing the data: We will erase your above personal data following withdrawal of your consent. The copy of your diploma is only requested for presentation while your registration is being checked and we will permanently delete such copy after verification is completed. Please note that in order to protect our users’ data and to ensure the accuracy of the data, we review our data processing every 3 years, including performing data update; in the framework of that, you may state whether you want to maintain your registration.
To whom we may transmit your data: Within the organisation of ILCSI E-Commerce Ltd., your data may be accessed by the authorised dedicated employees; your personal data may be transferred to the following processors, for the purposes specified below:
2. PROVISION OF A USER ACCOUNT, LOGIN TO THE USER ACCOUNT
2.1. PROVISION OF A RETAIL USER ACCOUNT, LOGIN TO THE USER ACCOUNT
The controller in respect of the data relating to login to the retail user account and the provision of the retail user account: ILCSI E-Commerce Ltd.
For what purpose are your personal data processed?
If you are a retail user, so that you can log in to your retail user account created during registration and/or use your retail user account e.g. to facilitate your subsequent purchases e.g. by using the repurchase function.
Data subjects: include the retail users who have created a retail account on the website.
You may freely decide which data you upload to your user account (except for the data necessary for the performance of your order and for issuing the invoice), and you can freely edit or even delete your uploaded data later.
OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data processing administrator.
What happens if you do not provide the data?
Providing the above personal data shall be voluntary; if you do not provide such data to us, you will not be able to use your user account and/or certain relating convenience functions. Your first name and surname and the name to be displayed you have given are necessary for your identification, your email address and your password (in the case of login via a social media account, the same data relating to your profile) serves to ensure your secure login to your user account. Your email address, phone number, delivery and invoicing address, and the optional data (skin type, affiliated beautician, birthday) and the loyalty points are necessary to contact you and for you to be able to use the convenience functions e.g. easier placement of orders, product offers, advice, and offering discounts to you. We already have the data of your current and previous orders, they are made available to you to track your purchase and order and to facilitate future purchases.
Manner of erasing the data: The data will be erased upon your objection or the withdrawal of your consent (deletion of account), where there is no other legal ground for the processing. Please note that in order to protect our users’ data and to ensure the accuracy of the data, we review our data processing every 3 years, including performing data update; in the framework of that, you may state whether you want to maintain your registration.
To whom we may transmit your data: Within the organisation of ILCSI E-Commerce Ltd., your data may be accessed by the authorised dedicated employees; your personal data may be transferred to the following processors, for the purposes specified below:
2.2. PROVISION OF A PROFESSIONAL USER ACCOUNT, LOGIN TO THE USER ACCOUNT
The controller in respect of the data relating to login to the professional user account and the provision of the professional user account: Ilcsi Beautifying Herbs Organic Skin Care Ltd and ILCSI E-Commerce Ltd.
For what purpose are your personal data processed?
If you are our partner as a beautician or beautician student, we process your data so that you can use the professional user platform, along with the professional and convenience functions thereof, provided to our professional partners on the website (application to trainings and courses, application for professional events, notification on offers, access to the articles and awareness-raising materials prepared for our partners). On the professional user platform, only services ensured for our professional partners are available.
Data subjects: include the professional users who create a professional user account on the website.
OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data protection administrator.
What happens if you do not provide the data?
Providing the above personal data and/or creating the professional account shall be voluntary; if you do not provide such data to us, you will not be able to use your professional user account. Your first name and surname serve for your identification, while the password serves to ensure your secure login to your user account. Your email address and phone number are processed for effective communication with you, while your eligibility data (e.g. customer card number, the fact of being a beautician or beautician student) for the verification of your eligibility. We process optional data (birthday) and data relating to turnover and discounts to enable you to use convenience features. We already have the data of your professional orders and trainings – if any.
Manner of erasing the data: Your above personal data will be erased upon your objection where there is no other legal ground for the processing. Please note that in order to protect our users’ data and to ensure the accuracy of the data, we review our data processing every 3 years, including the deletion of accounts that have been inactive for at least 2 years, on the proviso that before deletion, we request data update; in the framework of that, you may state whether you want to maintain your account.
To whom we may transmit your data: Within the organisation of the Controllers, your data may be accessed by the authorised dedicated employees; your personal data may be transferred to the following processors, for the purposes specified below:
3. PURCHASING PRODUCTS IN THE WEBSHOP
The controller with regard to the data in relation to product purchases in the webshop: ILCSI E-Commerce Ltd.
For what purpose are your personal data processed?
So that you as a retail user can purchase in the webshop. Please note that registration is not necessary for webshop purchases; you may freely decide whether you want to register for your purchase in the webshop and/or to create a user account within that framework to facilitate your future purchases. Retail and professional users can make purchases in the webshop with the same conditions. The legal safeguards of our data processing in connection with purchases on the website and the use of services consists in the authorisation based on Section 13/A (1) and (2) of Act CVIII of 2001 in respect of your identification data as a natural person, address, the date, place and duration of using our service.
Data subjects: include the persons purchasing and placing orders through the webshop.
What happens if you do not provide the data?
Providing the above personal data is a prerequisite for the conclusion of the contract for the webshop order; if you do not provide such data to us, you will not be able to make a purchase on the website and/or in the webshop. We also need the personal data so that we can perform your order and the services provided to you. Your email address and phone number are necessary for communication and administration regarding the performance of your order, and we need these data to perform the contract. We request the provision of your first name and surname to identify you, and the data of the order and performance (e.g. personal pickup, method of shipment, status and means of payment, discounts, loyalty points) for the purpose of performing the order and applying the discounts, if any, and the order ID and customer ID are generated by us to identify your order and the customer.
Manner of erasing the data: As a rule, your data are erased upon expiry of the above retention period.
To whom we may transmit your data: Webshop purchases are processed by the dedicated staff member of ILCSI E-Commerce Ltd. In connection with the performance of your contract, your personal data may be transferred to the following recipients and processors, for the purposes indicated below:
4. PLACING ORDERS OR SUBMITTING APPLICATIONS ON THE PROFESSIONAL PLATFORM OF THE WEBSITE
The controller with regard to the data relating to orders and applications (e.g. to trainings or events) on the professional platform of the website: Ilcsi Beautifying Herbs Organic Skin Care Ltd. and ILCSI E-Commerce Ltd.
For what purpose are your personal data processed?
So that you as a professional user can apply to our professional events, and in particular can participate at further trainings and/or courses, events, shop in the webshop, and also if you as our professional partner conclude a contract with ILCSI. The legal safeguards of our data processing in connection with using the services on the professional platform of the website and the use of services consists in the authorisation based on Section 13/A (1) and (2) of Act CVIII of 2001 of Hungary in respect of your identification data as a natural person, address, the date, place and duration of using our service.
Data subjects: include the professional users who place orders, apply to courses or events, or use a service on the professional platform of the website.
What happens if you do not provide the data?
Providing the above personal data shall be voluntary; if you do not provide such data to us, you will not be able to place orders/send applications on the website and/or we will not be able to perform our services (events, trainings) to you. Your first name and surname are necessary for your identification, and your email address and in some cases your phone number are required in connection with the performance of the service..
Manner of erasing the data: As a rule, these data are erased after the above deadline.
To whom we may transmit your data: With regard to the orders placed and applications submitted on the professional platform of the website, data are processed by the staff member of the Controllers. In connection with the performance of your contract, your personal data will also be transferred to the following recipients and processors, for the purposes indicated below:
5. PAYMENT AND INVOICING, ISSUE OF ACCOUNTING DOCUMENT
5.1. FOR PRODUCT PURCHASES IN THE WEBSHOP
The controller with regard to the data in relation to product purchases in the webshop, including the issue of the relevant invoice: ILCSI E-Commerce Ltd.
For what purpose are your personal data processed?
If you make a purchase in the webshop, we process your personal data for the purposes of documenting your purchase and payment, issuing an invoice for the purchase, and fulfilling our accounting obligations. Data beyond the scope of those on the supporting documents for accounting (certain payment data) are also processed based on the contract concluded with us.
Data subjects: include the persons who have made a purchase through the webshop.
Please be informed that payment on our website takes place through the SimplePay by OTP Mobil or through the PayU or Wordline system, and data processing related to the use of the SimplePay, PayU or Worldline online service is governed by SimplePay’s, PayU’s or Worldline’s privacy notice, which we have no means to influence. The card or other payment data provided during your online payment will be checked for IT compliance purposes only and will be automatically transmitted to the payment service provider, deleted or anonymised within the short time limit mentioned above. You will be redirected back to the website from the payment service provider's site when you make the payment transaction on the payment service provider's site. During SimplePay online payment and payment by bank card, the service provider usually requests your following bank card data: name on card, card number, expiry data, issuer bank, CVC/CVV security code. Please always keep your bank card data safe. The following personal data stored by the controller, ILCSI E-Commerce Ltd. (H-1021 Budapest, Üdülő út 37, Hungary), in the user database of https://ilcsi.com/ will be transmitted to OTP Mobil Kft. (H-1093 Budapest, Közraktár u. 30-32, Hungary) as the processor. The categories of data transferred by the controller: name, email, phone number, invoicing address, delivery address. The type and purpose of the data processing activity performed by the processor can be viewed in SimplePay’s Privacy Notice through the following link: http://simplepay.hu/vasarlo-aff. To make a payment in PayU, the service provider performing the independent data processing usually requests the following data: the account holder's name, postal address, telephone number, e-mail address, as well as the invoice number of the invoice to be paid, the registration username and password. PayU's Privacy Policy is available at the following link: https://hungary.payu.com/privacy-portal/. The service provider as individual data controller usually requests your following data for executing payment for executing payment in the Worldline system: name, postal address, telephone, e-mail address of the account owner, and the account number of the invoice to be paid, registered username and password. Privacy Notice regarding data processing of Worldline is available at: https://worldline.com/en/compliancy/privacy.html.
What happens if you do not provide the data?
The data necessary for invoicing shall be provided under law. If you do not provide us with the legally mandatory data, we will not be able to issue the invoice for the purchase; certain data recorded during payment may also form part of the accounting records. The data requested for payment and kept on record are necessary for performance of the contract based on your contractual obligation (for orders, it is your payment obligation). If you do not provide them, you will not be able to transact your payment and/or fulfil your contractual payment obligation. Certain data relating to payment are typically not provided by you; instead, we get to access them upon processing the order.
The manner of erasing the data: The above data will be erased upon expiry of the specified time limit.
To whom we may transmit your data: The data relating to purchases in the webshop and invoicing are processed by the staff member of ILCSI E-Commerce Ltd. and, with a view to perform our obligations under law, your personal data will be transmitted to the National Tax and Customs Administration of Hungary and/or its competent office. Your personal data will also be transferred to the following recipients and processors, for the purposes indicated below:
5.2. WITH REGARD TO ORDERS PLACED ON THE PROFESSIONAL PLATFORM OF THE WEBSITE, PROFESSIONAL ORDERS AND USE OF PROFESSIONAL SERVICES
The controller with regard to the data relating to orders and applications (e.g. to trainings, events) on the professional platform of the website: Ilcsi Beautifying Herbs Organic Skin Care Ltd. and ILCSI E-Commerce Ltd.
For what purpose are your personal data processed?
If you place an order on the professional platform of the website and/or apply to (not free of charge) training, event or conference, we process your personal data to document your order and/or subsequent payment, to issue an invoice for your purchase and/or use of the service and/or to perform our accounting obligations. Data beyond the scope of those on the supporting documents for accounting (certain payment data) are also processed based on the contract concluded with us.
Data subjects: include the professional users who have placed orders, made a purchase or used services through the professional platform.
For online payment, please read the information in Section 5.1 above.
What happens if you do not provide the data?
The data necessary for invoicing shall be provided under law. If you do not provide us with the legally mandatory data, you will not be able to apply and we will not be able to issue the invoice; certain data recorded during payment may also form part of the accounting records. The data requested for payment and kept on record are also necessary for performance of the contract based on your contractual obligation (for orders, it is your payment obligation). If you do not provide them, you will not be able to transact your payment and/or fulfil your relevant contractual payment obligation. Certain data relating to payment are typically not provided by you; instead, we get to access them upon processing the order.
The manner of erasing the data: The above data will be erased upon expiry of the specified time limit.
To whom we may transmit your data: The data relating to purchases in the webshop and/or website and invoicing are processed by the dedicated staff member of the Controllers and, with a view to perform our obligations under law, your personal data will be transmitted to the National Tax and Customs Administration of Hungary and/or its competent office. Your personal data will be transferred to the following recipients and processors, for the purposes indicated below:
6. CUSTOMER SERVICE, QUESTIONS RELATING TO THE PRODUCTS
6.1.CUSTOMER SERVICE, QUESTIONS RELATING TO THE PRODUCTS OR WEBSITE
In relation to the questions relating to information and services provided on the website (not including enquiries regarding the webshop), products displayed on the website, as well as questions and enquiries relating to professional services, the controller is: Ilcsi Beautifying Herbs Organic Skin Care Ltd. and ILCSI E-Commerce Ltd.
For what purpose are your personal data processed?
For the purposes so that we can reply to the enquiries sent by you to the info@ilcsi.com email address as well as your questions sent as a professional user regarding our products and services, your orders and the details thereof. Furthermore, so that you can send us messages, we can receive your messages, can reply to your questions on the merits and, depending on the content of your enquiry, we can contact you in that regard. Please note that, when requesting information and/or contacting our company, you can freely decide about the categories of data you want to provide – certain data, e.g. your email address is necessary so that we can reply to your enquiry.
Data subjects: shall include the persons who have sent a question or enquiry to the above contact information to us.
You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data protection administrator.
What happens if you do not provide the data?
The provision of the data is a prerequisite of processing the enquiries. If you do not provide the data, we will not be able to process or answer your enquires and/or questions, contact you or communicate with you.
The manner of erasing the data: The above data will be erased upon expiry of the specified time limit.
To whom we may transmit your data: Enquiries and/or questions are processed and answered by the dedicated employees within the organisation of the Controllers, and your personal data will also be transmitted to the following recipients, processors, for the purposes specified below:
6.2. WEBSHOP CUSTOMER SERVICE, QUESTIONS
The controller in relation to the questions raised regarding the products and services available, or the orders placed in the webshop: ILCSI E-Commerce Ltd.
For what purpose are your personal data processed?
For the purposes so that we can reply to the enquiries sent by you to the ugyfelszolgalat@ilcsi.com or customercare@ilcsi.com email address in relation to the webshop running on the website and the services thereof, as well as your questions sent regarding our products and services, your orders and the details thereof as well as to provide professional advice about products to you. Furthermore, so that you can send us messages, we can receive your messages, can reply to your question on the merits and, depending on the content of your enquiry, we can contact you in that regard. Please note that, when requesting information and/or contacting our company, you can freely decide about the categories of data you want to provide – certain data, e.g. your email address is necessary so that we can reply to your enquiry.
Data subjects: shall include the persons who have sent enquiries or questions in relation to the webshop through the above contact information to us.
You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data protection administrator.
What happens if you do not provide the data?
The provision of the data is a prerequisite of processing the enquiries. If you do not provide the data, we will not be able to process or answer your enquires and/or questions, or provide professional advice about the products, contact you or communicate with you.
The manner of erasing the data: The above data will be erased upon expiry of the specified time limit.
To whom we may transmit your data: Enquiries and/or questions are processed and answered by the dedicated employees within the organisation of ILCSI E-Commerce Ltd., and your personal data will also be transmitted to the following recipients, processors, for the purposes specified below:
7. COMPLAINT HANDLING
7.1. COMPLAINT HANDLING IN CONNECTION WITH PURCHASES IN THE WEBSHOP
The controller in connection with the customer complaints received in relation to webshop purchases is: ILCSI E-Commerce Ltd.
For what purpose are your personal data processed?
We process your data so that we can handle and/or investigate the complaints and/or comments of customers or visitors in connection with the webshop and the products offered in the webshop. Furthermore, to identify and/or investigate the complaints relating to orders. Our data processing also serves the purpose to allow you to effectively enforce your consumer rights and/or for the purposes of the relating procedures. The data relating to your complaint are also processed with regard to using the dispute resolution proceedings before arbitration boards and online, and so that we can participate in such proceedings. If your complaint relates to one of our cosmetic products, we also process your data to be able to comply with the complaint handling provisions of the GMP (Good Manufacturing Practice) standards – in such a case, your complaint will be transferred to the product manufacturer within our company group (Ilcsi Beautifying Herbs Organic Skin Care Ltd.) to investigate the complaint.
Data subjects: include the persons who have submitted a complaint in relation to the purchase on the webshop to the controller or who are named in such a complaint.
You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data protection administrator.
What happens if you do not provide the data?
If you submit a complaint, you determine which data you provide to us – providing the data is voluntary. The data to be included in the complaint report are specified by the consumer protection act. If you do not supply the relevant data to us, you may not be able to exercise your consumer’s rights, or at least not in a full scope, or we will not be able to contact you. This is because if data are missing, we will only be able to partially investigate and/or fulfil your complaint or not at all, and will not be able to effectively participate in arbitration or online dispute resolution. We already have the data of your orders; however, the provision of data can facilitate easier identification and faster administration. For the purposes of GMP compliance, if your complaint concerns a product, we will have the data for completing the GMP complaint form based on your complaint, in case you do not complete such form.
The manner of erasing the data: We will erase your personal data upon expiry of the above relevant deadlines.
To whom we may transmit your data: The dedicated employees of ILCSI E-Commerce Ltd. participate in complaint handling, and your data may be transferred (except in the case of GMP complaint handling) to the authorities with territorial and subject-matter competence, such as arbitration boards and consumer protection authorities. In the event of using the online dispute resolution platform, to the platform and the arbitration board proceeding in the case. Furthermore, the complaints may be transferred – depending on their content – to the attorney performing the legal representation of the ILCSI companies (Jambrik Law Firm, H-1095 Budapest, Boráros tér 7. 3. lph. 6/13, Hungary – purpose: legal representation). GMP complaints concerning the products are transferred within the company group to the manufacturer, Ilcsi Beautifying Herbs Organic Skin Care Ltd., for the investigation of complaints on the merits.
7.2. COMPLAINT HANDLING IN CONNECTION WITH THE WEBSITE, PROFESSIONAL SERVICES, PRODUCTS
The controller in respect of the complaints received regarding the services provided on the website and services provided to professional partners (beautician, beautician student) is: Ilcsi Beautifying Herbs Organic Skin Care Ltd.
For what purpose are your personal data processed?
We process your data so that we can handle and/or investigate and answer the complaints and/or comments relating to our services and products. Furthermore, to identify and/or investigate the complaints relating to orders. Our data processing also serves the purpose to allow you to effectively enforce your consumer rights and/or for the purposes of the relating procedures. The data relating to your consumer complaint are also processed with regard to using the dispute resolution proceedings before arbitration boards and online, and so that we can participate in such proceedings. If your complaint relates to one of our cosmetic products, we also process your data to be able to comply with the complaint handling provisions of the GMP (Good Manufacturing Practice) standards.
Data subjects: include the persons who have submitted a complaint in connection with the website, professional services and products to the controller or are concerned by the complaint (in regard of the personal data of these persons, the source of the data is the person filing the complaint). Regarding professional users, data subjects may include the natural persons representing them, who submit the complaint on the partner’s behalf.
You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data protection administrator.
What happens if you do not provide the data?
If you submit a complaint, you determine which data you provide to us – providing the data is voluntary. The data to be included in the complaint report are specified by the consumer protection act. If you do not supply the relevant data to us, you may not be able to exercise your consumer’s rights, or at least not in a full scope, and we will not be able to contact you and communicate with you. This is because if data are missing, we will only be able to partially investigate and/or fulfil your complaint or not at all, and will not be able to effectively participate in arbitration or online dispute resolution. We already have the data of your orders; however, the provision of data can facilitate easier identification and faster administration. For the purposes of GMP compliance, if your complaint concerns a product, we will have the data for completing the GMP complaint form based on your complaint.
The manner of erasing the data: We will erase your personal data upon expiry of the above relevant deadlines.
To whom we may transmit your data: The dedicated employees of Ilcsi Beautifying Herbs Organic Skin Care Ltd. participate in complaint handling, and your data may be transferred (except in the case of GMP complaint handling) to the authorities with territorial and subject-matter competence, such as arbitration boards and consumer protection authorities. In the event of using the online dispute resolution platform, to the platform and the arbitration board proceeding in the case. Furthermore, the complaints may be transferred – depending on their content – to the attorney performing our legal representation.
9. DATA PROCESSING IN CONNECTION WITH TRAININGS AND EVENTS
The controller in connection with the data relating to trainings (including organisation, implementation) is: Ilcsi Beautifying Herbs Organic Skin Care Ltd. and ILCSI E-Commerce Ltd.
For what purpose are your personal data processed?
If you are our professional partner, we process your data so that you can participate at our trainings and you can complete the courses. Furthermore, so that we can certify that you have completed the trainings, and can issue a certificate to you.
Data subjects: include the professional users who have applied to our trainings.
What happens if you do not provide the data?
Providing the above personal data is a prerequisite for the conclusion and performance of a contract regarding your application and order; if you do not provide such data to us, you will not be able to attend the trainings, we will not be able to notify you in relation to the trainings (e.g. cancellation, new location), and we will not be able to certify your completion of the training by issuing you a certificate.
Manner of erasing the data: Data shall be erased upon expiry of the above retention period.
To whom we may transmit your data: Our dedicated staff member will proceed in connection with ensuring your participation in the trainings. In the internal organisation of the Controllers, access to your personal data is otherwise restricted to authorised and dedicated employees.
In connection with the performance of your contract, your personal data will also be transferred to the following recipients and processors, for the purposes indicated below:
10. DATA PROCESSING IN CONNECTION WITH CONFERENCES AND EVENTS
The controller regarding data processing in relation to events (in particular professional events, appearance): Ilcsi Beautifying Herbs Organic Skin Care Ltd.
For what purpose are your personal data processed?
So that we can ensure your participation in the events we organise free of charge or against payment. In the case of events organised by us, participation is conditional upon application if it is a free event, and upon the payment of the participation fee if there is such a fee. Our events are available for our professional partners.
Data subjects: include the persons who wish to participate and/or actually participate at our events.
What happens if you do not provide the data?
The provision of the data is a prerequisite for registration and participation in the event; if you do not provide the data to us, you will not be able to participate at the event. We ask for your name and contact information (email address, phone number) so that we can identify you and/or can provide you information in relation to the event.
Manner of erasing the data: Data shall be erased upon expiry of the above retention period.
To whom we may transmit your data and/or who may access your data: Your data processed within the framework of contractual performance may be transmitted – if a legal claim arises – to the attorney performing our legal representation (Jambrik Law Firm, H-1095 Budapest, Boráros tér 7. 3. lph. 6/13, Hungary – purpose: legal representation) and/or to the authorities with territorial and subject-matter competence. Your personal data may be accessed by the dedicated authorised staff members within the internal organisation of Ilcsi Beautifying Herbs Organic Skin Care Ltd. Certain data concerning you may be transferred to the member of the group of undertakings for administrative purposes:
10.1. RAFFLES OR PRIZE COMPETITIONS AT EVENTS
The controller regarding data processing in relation to events (in particular professional events, appearance), including data processing in relation to raffles or prize competitions: Ilcsi Beautifying Herbs Organic Skin Care Ltd.
For what purpose are your personal data processed?
So as to ensure that you can participate at the raffles or prize competitions organised at our events.
Data subjects: include those who want to participate and/or actually participate at the raffles or prize competitions.
What happens if you do not provide the data?
Providing the data shall be voluntary and is not a prerequisite for participating in the raffle or prize competition. You may decide to participate at the raffle or prize competition without providing us your personal data.
Manner of erasing the data: Data shall be erased upon expiry of the above retention period.
To whom we may transmit your data and/or who may access your data: Your personal data may be accessed by dedicated employees of Ilcsi Beautifying Herbs Organic Skin Care Ltd. authorised to access your personal data within the internal organisation of the company. Certain data concerning you may be transferred to the member of the group of undertakings for administrative purposes:
11. REPORTING ON EVENTS
The controller with regard to data processing in relation to events (e.g. those organised by us or which we attend as an exhibitor) is: Ilcsi Beautifying Herbs Organic Skin Care Ltd.
For what purpose are your personal data processed?
In connection with the events organised by us and/or which we attend e.g. as a partner or exhibitor, the purpose is to report on these events and/or to promote the event. Please note that certain events may also be covered by the media independently of us.
Data subjects: shall include the persons who may appear in the event records (as part of the crowd).
You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data protection administrator.
What happens if you do not provide the data?
In the case of non-individual recordings, you do not need to provide data; by entering and attending the event, you make it possible for us to process your data. However, you can notify us (verbally at the event or through one of our contact details thereafter) if you object to the processing of the data.
Manner of erasing the data:
In the case of data processing for legitimate interests, data will be erased upon your objection where there is no other legal ground for the processing.
To whom we may transmit your data: To report on the event, your personal data may be published on the official social media platforms of ILCSI, e.g. Facebook, Instagram, Youtube, and so they may be available to the public. Please note that certain events may also be covered by the media; in such cases they act as independent controllers. Within the internal organisation of Ilcsi Beautifying Herbs Organic Skin Care Ltd., the authorised dedicated employees may access the data to the extent necessary for their work (such as for preparing PR materials). Certain data concerning you may be transferred to the member of the group of undertakings for administrative purposes:
12. DISPLAY OF ‘ILCSI BEAUTY SALONS’ ON THE WEBSITE, PARTNER CARD, INDIVIDUAL ORDERS THROUGH BUSINESS PARTNER
The controller in regard of data processing in relation to displaying the reference and priority beauty salons / branding partners on the website and individual orders, or data regarding the sales system is: Ilcsi Beautifying Herbs Organic Skin Care Ltd. and ILCSI E-Commerce Ltd.
For what purpose are your personal data processed?
If you are our partner as a reference or priority beauty salon or branding partner and the email address you provide to us contains personal data, we process the same in order to display your salon as a reference or priority beauty salon or branding partner on the website. Please note that in order to be displayed as a reference, priority or branding partner beauty salon on the website, it is not necessary for you to provide such an email address or other contact information that includes personal data; thus, for example, it is not required to contain your full name. In the event the contact information of the reference or priority beauty salon or branding partner under the ‘Beauty Salons’ menu on the website comes from a source other than you, then the source of the data is: the reference or priority beauty salon where you engage in your activity (in such a case, your personal data are processed in accordance with this Privacy Notice). Data subjects include the beauticians (sole traders, employees, under other work relationship) of the beauty salon displayed on the website.
We process your data in order to get data regarding the sales system and the operation of the sales system of the ILCSI branded products, and so we are able to investigate the fulfilment possibility of an individual order through our business partner (bigger quantity orders, orders violating the rules of sales system) based on storage capacity and rules of such system and provide information about the fulfilment of the order to our sales partner. Further we process some of your data in order to give feedback on your status and agreement of reference beautician or partner beautician to our sales partner for the purpose of creating, extending or renewing a partner card – if you have such a card – issued by our business partner. The source of such data is: Hair-line Kft. (H-2045 Törökbálint, Jázmin utca 1., Hungary, email: adatvedelem@hairline.hu).
Data subjects: include the ones placed individual orders and participants of the sales system.
OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data protection administrator.
What happens if you do not provide the data?
Providing the above personal data on the website is your obligations under the partnership agreement; if you do not provide such data to us, you will not be able to appear on the website. You are not required to provide an email address that contains personal data. If the data were not provided by you, the source of the data is the reference or priority beauty salon employing you. The publication of photographic images of you is not a condition for your presence on the website, nor is it subject to any contractual obligation, and is therefore voluntary and subject to your consent.
Manner of erasing the data: Your above personal data will be erased after the deadline defined above.
To whom we may transmit your data: Your data may be accessed by authorised employees within the Controllers’ organisation. Please note that your personal data included in the beauticians list on the website will be available to the public. Your data will be transferred to the following recipients and processors, for the purposes indicated below:
13. CUSTOMER SATISFACTION SURVEYS
In the case of purchases in the webshop, regarding the data relating to customer satisfaction surveys, the controller is: ILCSI E-Commerce Ltd.
Regarding the data relating to satisfaction surveys in connection with the services provided to professional partners, the controller is: Ilcsi Beautifying Herbs Organic Skin Care Ltd.
Please be informed that each of the above Controllers qualifies as an individual controller in terms of its data processing in relation to the above customer surveys.
For what purpose are your personal data processed?
So that the Controllers can receive feedback from their customers regarding their satisfaction with the purchased products and services, and what changes or modifications they would recommend. Furthermore, so that the Controllers can receive feedbacks and opinions that are important for its company group e.g. for the further development of products. Please note that the completion of the satisfaction surveys shall be voluntary.
Data subjects: include the persons who participate in the customer satisfaction surveys.
OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may notify the given controller thereof via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data protection administrator.
What happens if you do not provide the data?
We already have the above personal data. Completing the survey shall be voluntary.
The manner of erasing the data: The above data will be erased upon expiry of the specified time limit.
To whom we may transmit your data: The data may be accessed by the authorised dedicated employees within the Controllers’ organisation, and the data may also be transferred to the following recipients, processors, for the following purposes:
14. STOCK MONITORING SERVICE
Regarding the data relating to the provision of the stock monitoring service (related to the webshop), the controller is: ILCSI E-Commerce Ltd.
For what purpose are your personal data processed?
So that we can send you a notification of product availability if it was out of stock. You may freely decide whether you want to be notified of product availability.
Data subjects: include the persons who use the stock monitoring service available on the website.
OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data protection administrator.
What happens if you do not provide the data?
Providing the data shall be voluntary; if you do not provide your email address, we will not be able to notify you if the product is in stock.
The manner of erasing the data: The above data will be erased upon expiry of the specified time limit.
To whom we may transmit your data: The dedicated employees within the organisation of ILCSI E-Commerce Ltd. have access to the personal data. Your personal data will be transferred to the following recipients and processors, for the purposes indicated below, in order to provide this service:
16. ENQUIRIES RELATING TO PROCESSING
Regarding the enquiries relating to the data processing operations of Ilcsi Beautifying Herbs Organic Skin Care Ltd., the controller is: Ilcsi Beautifying Herbs Organic Skin Care Ltd.
Regarding the enquiries relating to the data processing operations of ILCSI E-Commerce Ltd., the controller is: ILCSI E-Commerce Ltd.
Please be informed that each of the above Controllers qualifies as an individual controller in terms of their processing operations relating to data processing enquiries.
For what purpose are your personal data processed?
So that the Controllers can provide you the opportunity – in a documented manner – to exercise your rights as described in the ‘Your rights and how to enforce them’ chapter. Furthermore, so that – as regards your rights – they can comply with the principle of accountability required from them under the GDPR. After the death of a person affected by the Controllers’ data processing – having regard to the authorisation of recital (27) in the GDPR – in order to ensure the possibility of enforcing rights related to personal data pursuant to Section 25 of the Privacy Act. You may freely decide which personal data you provide to us in your enquiry or while exercising your right; however, if data are missing, we may not be able to fulfil your enquiry or request. Data subjects include the persons sending enquiries in relation to our data processing.
Data subjects: are the users who send enquiries or comments regarding the Controllers’ processing operations or wish to exercise their rights as data subjects.
OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data protection administrator.
What happens if you do not provide the data?
The provision of the data may be a prerequisite of processing your enquiry, and your name is necessary for identification. If you do not provide these, the Controllers may not be able to process your enquiry completely, or not at all. In the case of exercising the rights of the deceased person affected by data processing, the data (declaration made to the Controllers, death certificate, court decision, public deed certifying identity and/or the close relative status) are necessary under Section 25 (1) and (4) of the Privacy Act. Please note that when requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.
The manner of erasing the data: The above data will be erased upon expiry of the specified time limit.
To whom we may transmit your data: Your personal data may be accessed by the Controllers’ dedicated employees, and the data may be transferred to the competent authority or court, or to the Controllers’ legal representative (Jambrik Law Firm, H-1095 Budapest, Boráros tér 7. 3. lph. 6/13, Hungary – purpose: legal advisory).
Certain of your data may be transferred to the other member of the group of undertakings, other than the controller, for administrative purposes:
17. FULFILMENT OF THE OBLIGATIONS IN RELATION TO PERSONAL DATA BREACHES
Regarding data processing by Ilcsi Beautifying Herbs Organic Skin Care Ltd. in relation to personal data breaches, the controller is: Ilcsi Beautifying Herbs Organic Skin Care Ltd.
Regarding data processing by ILCSI E-Commerce Ltd. in relation to personal data breaches, the controller is: ILCSI E-Commerce Ltd.
Please be informed that each of the above Controllers qualifies as an individual controller in terms of their processing operations relating to personal data breaches.
For what purpose are your personal data processed?
So that if necessary, the Controllers can notify you of any personal data breach, notify the data protection authority of such notification, and can document that such notification has been sent. The Controllers’ notification obligation on the personal data breach is based on Article 34 of the GDPR, according to which the Controllers shall communicate the personal data breach to the data subject when the personal data breach is likely to result in a high risk to his or her rights and freedoms and/or if the supervisory authority (NAIH – Hungarian National Authority for Data Protection and Freedom of Information) ordered the Controllers to do so. The notification shall not be required in the cases regulated in Article 34(3) of the GDPR. Furthermore, we also process your personal data you provide to us for this purpose, so that we can comply with our obligation to notify and document personal data breaches in accordance with Article 33(5) of the GDPR – the personal data breach records contain your data anonymously (e.g. the approximate number of data subjects, categories of data concerned). The official notification is made on the notification form provided by the authority.
Data subjects: are the users whose data were affected by the personal data breach detected at the Controllers.
OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data protection administrator.
What happens if you do not provide the data?
There is no need to provide any data; we already have them.
The manner of erasing the data: The above data will be erased upon expiry of the specified time limit.
To whom we may transmit your data: Your personal data may be accessed by the dedicated employees within the Controllers’ organisation, and the data may be transferred to the supervisory authority (NAIH) and/or to the Controllers’ legal representative (Jambrik Law Firm, H-1095 Budapest, Boráros tér 7. 3. lph. 6/13, Hungary – purpose: legal representation) or to a consultant or a data processor involved in the handling of the incident. Certain of your data may be transferred to the other member of the group of undertakings, other than the controller, for administrative purposes:
18. ENFORCEMENT OF LEGAL CLAIMS
Regarding data processing by Ilcsi Beautifying Herbs Organic Skin Care Ltd. in relation the enforcement or defence of legal claims, the controller is: Ilcsi Beautifying Herbs Organic Skin Care Ltd.
Regarding data processing by ILCSI E-Commerce Ltd. in relation the enforcement or defence of legal claims, the controller is: ILCSI E-Commerce Ltd.
Please be informed that each of the above Controllers qualifies as an individual controller in terms of their processing operations relating to the enforcement of legal claims.
For what purpose are your personal data processed?
So that the Controllers can enforce their legal claims and defend themselves against the claims asserted against the Controllers.
Data subjects: include the persons concerned by the relevant legal dispute.
OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data protection administrator.
What happens if you do not provide the data?
You do not need to provide any data, as the Controllers already have them; they received such data from you or the competent e.g. consumer protection authority, court or other authority in connection with your claim (e.g. consumer complaint, action filed).
The manner of erasing the data: The above data will be erased upon expiry of the specified time limit.
To whom we may transmit your data: Your personal data may be accessed by the dedicated employees within the Controllers’ organisation. Your personal data may be transferred to the competent authority, court, public body or bailiff and/or to the Controllers’ legal representative (Jambrik Law Firm, H-1095 Budapest, Boráros tér 7. 3. lph. 6/13, Hungary – purpose: legal representation).
Certain data concerning you may be transferred to the other member of the group of undertakings, other than the controller, for administrative purposes:
20. CONSULTATION, SERVICE DEVELOPMENT, QUALITY ASSURANCE
The controller in respect of the data relating to consultation is: Ilcsi Beautifying Herbs Organic Skin Care Ltd. and ILCSI E-Commerce Ltd.
Please note that the chat consultation is provided not by ILCSI, and ICSI is solely responsible for making available the chat platform. Consultation is provided by the beautician professional providing the answers, who qualifies as an individual controller. We recommend you seek information as to personal data processing by the beautician professional prior to using the service. The personal data collected in the context of the consultation will be processed independently by the Controllers for the following purposes:
For what purpose are your personal data processed?
Processing of data is carried out for the purposes of improving the products and services of the Controllers and quality assurance. In the course of the processing, the Controllers record and analyse the data provided in the context of the consultancy. The data of the conversation are stored and processed by the Controllers in such a way that they are not in themselves personally identifiable and are not linked to other personal data.
Data subjects: include the users initiating the consultation available on the website and/or participating in the same.
What happens if you do not provide the data?
Providing the above personal data shall be voluntary; if you do not provide such data to us, you will not be able to participate in the consultation service and we cannot analyse your data. Your name and email address will only be requested for contact purposes by the beautician professional providing the advice when there is no live chat on the website (chat indicates offline status). This way you can send your question to the beauty professional and he/she will answer it later by email. You only need to enter your Messenger details if you want to switch from the chat forum to Messenger and continue the conversation there.
Manner of erasing the data: We will erase your above personal data upon expiry of the above deadline.
To whom we may transmit your data: Within the organisation of the Controllers, your data may be accessed by the authorised dedicated employees; your personal data may be transferred to the following processors, other recipients for the purposes specified below:
21. CONTRACTUAL CONTACT PERSONS
The controller is the contracting company: Ilcsi Beautifying Herbs Organic Skin Care Ltd. or ILCSI E-Commerce Ltd.
For what purpose are your personal data processed?
Processing of data is carried out in connection with the conclusion of a contract with us. During processing, the data of the natural persons included in the contract will be processed with the objectives of concluding and performing the contract, administration relating to the performance of the contract and for communication purposes.
Data subjects: Natural persons included in the contract.
OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data protection administrator.
What happens if you do not provide the data? Please note that if you are our contracted partner in your capacity as a natural person or sole trader, the conclusion of the contract is conditional upon you providing the personal data, in the case of a sole trader, the data are also included in a public database. If our contractual partner is a company or organization represented by you, it shall be mandatory for contracting parties to provide their data regarding representation, as it is not possible to conclude the relevant contract in lack of such data; however, these data are also available from public databases. Under the relevant contract the contracting parties are also required to provide their respective contact persons’ data in order to facilitate contractual performance, keeping contact, assigning the tasks related to the contract; in lack of such data, performance of the contract may even become impossible. Providing the above personal data is not required by law.
Manner of erasing the data: We will erase your above personal data upon expiry of the above deadline if there is no other valid legal basis for further data processing.
To whom we may transmit your data: Within the organisation of the Controllers your data may be accessed by the authorised dedicated employees; your personal data may be transferred to the following processors, other recipients for the purposes specified below:
LINKS TO OTHER WEBSITES
Please note that for your convenience and to provide you more comprehensive information we may include links and/or menus to other websites. These websites and blogs operate independently of us, they have their own privacy policies for data processing, and we have no influence on these. You are recommended to also read the privacy notices of any such website you visit.
ACCESS TO DATA, DATA SECURITY MEASURES
The Controllers will do everything in their power to take care of the security of your personal data in compliance with Article 32 of the GDPR. In addition to that, the Controllers will take the technical and organisational measures and have in place the procedural rules as necessary to comply with the GDPR and other relevant data protection and confidentiality regulations.
The Controllers guarantee the appropriate level of data security in the following manner: your data are stored in a secure technical environment, they are accessible only by authorised persons (our staff members after appropriate identification), we use encryption for your electronically stored data, the natural persons with access to the personal data may process the personal data only in line with the Controllers’ instructions; we ensure that data integrity can be certified, we protect your data from unauthorised access and, with a view to that, we apply security measures, for data transfers we use encryption with an appropriate technical solution, and we test, evaluate and correct our security measures. Personal data breach: If a breach takes place concerning your data, after becoming aware thereof, we will do everything in our power to mitigate the risks. If such an event takes place concerning your data which, in spite of the protection measures taken by the Controllers (or their processor), is likely to result in a high risk to your rights and freedoms, we will notify you and the competent supervisory authority thereof without delay (including any steps you can take).
DATA TRANSFER TO A THIRD COUNTRY
Personal data may only be transferred to a third country if the third country in question ensures an adequate level of protection. Such a transfer shall not require any specific authorisation.
Currently, the data are transferred to the following controllers and processors to the following third countries outside the EU, for the following purposes:
YOUR RIGHTS AND HOW TO ENFORCE THEM
You shall have the following rights in connection with your personal data processed by us:
1. Right of access
2. Right to rectification
3. Right to erasure
4. Right to restriction of processing
5. Right to data portability
6. Right to object
7. Right to withdraw consent
8. Exercise rights after death
You shall have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, about the following: what personal data are processed (in what categories), for what purpose, for how long, and the recipients of such data. Furthermore, you can to request information as to what rights you have in connection with processing i.e. that you may request the erasure, restriction of processing of personal data, the rectification of data, and may object to processing. Furthermore, you shall have the right to file a complaint with the supervisory authority (Hungarian National Authority for Data Protection and Freedom of Information, Nemzeti Adatvédelmi és Információszabadság Hatóság, registered office: H-1055 Budapest, Falk Miksa utca 9-11., website: www.naih.hu, phone number: +36 (1) 391-1400, email: ugyfelszolgalat@naih.hu). Where the personal data have not been collected from you, you may request information as to their source.
You may request that your personal data be rectified, corrected or made accurate, if they have changed or have been wrongly recorded. If your data have been recorded incompletely, you may also request their completion by means of a supplementary statement.
You shall have the right to obtain the erasure of personal data concerning you where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which we have collected or processed them
- you withdraw consent on which the processing is based, and there is no other legal ground for the processing
- you object to the processing and there are no overriding legitimate grounds for the processing
- we have processed the personal data unlawfully
- the data have to be erased for compliance with a legal obligation
- in relation to services directly offered to children.
Where we have made the personal data public, we shall take reasonable steps to inform controllers which are processing the personal that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data. Please note that we will not be able to fulfil your erasure request if the data are necessary for the establishment, exercise or defence of legal claims; the erasure would restrict the exercising of the right of freedom of expression and information; or if a legal obligation applicable to us (or purposes in the public interest, scientific or historical research purposes or statistical purposes) requires us to act contrary to the request.
You shall have the right to obtain from us restriction of processing where one of the following applies:
- you do not think that the personal data are accurate; in such a case restriction applies to a period enabling us to verify the accuracy of the personal data
- the processing is unlawful but you oppose the erasure of the personal data and request the restriction of their use instead
- we no longer need the personal data, but they are required by you for the establishment, exercise or defence of legal claims
- you object to processing, in such a case restriction applies pending the verification whether our legitimate grounds override your legitimate grounds
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. We shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We shall inform you about those recipients if you request it.
You shall have the right to receive the personal data we process concerning you, and have the right to transmit (or have us transmit upon your instruction) those data to another controller specified by you, if processing is based on your consent or the performance of a contract, and is carried out by automated means. Portability shall be without prejudice to the rights and freedoms of others, and to the right of erasure (right to be forgotten).
You shall have the right to separately object to processing of personal data concerning you which is based on the Controllers’ legitimate interest, public interest, or is carried out in the exercise of official authority, including profiling. Please note that we perform profiling according to “Profiling” section of this Privacy Notice. In such cases we shall no longer process your personal data unless processing is justified by compelling legitimate grounds which override your interests, rights and freedoms or are necessary for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. After such objection, we may no longer process the data.
You shall have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Pursuant to the Hungarian Privacy Act: Within five years of the death of the data subject, the following rights may be enforced in relation to the data of the deceased person by a person authorised to do so by the data subject in the form of an administrative disposal or a declaration made at the Controllers and incorporated in a public deed or a private deed of full probative value: right of access, rectification, erasure, restriction and objection. If the data subject has made more than one declaration, the declaration of the later date may be used to enforce the rights. If the data subject has not made an administrative disposal or a declaration at the Controllers, his or her close relative according to the Civil Code first contacting the Controllers may demand rectification or object to processing, and – if the processing had already been unlawful in the life of the data subject or if the purpose of processing terminated upon the death of the data subject – demand erasure or the restriction of processing of the deceased person’s data within five years of the death of the data subject. Upon request, the Controllers shall inform the data subject’s close relative on the measures taken, unless the data subject had prohibited it.
The person enforcing the data subject’s rights shall verify the fact and the date of the data subject’s death with a death certificate or with a court decision, as well as his own personal identification, together with his status as a close relative, with a public deed, in accordance with the law.
The following means of legal enforcement and remedies are available to you in connection with our processing of your personal data:
1. You may contact us
2. You may enforce your right to file a complaint
3. You may turn to court
4. You may demand compensation
If you have a complaint in relation to data processing or wish to exercise your rights, you can use our following contact information for that purpose:
Email: adatvedelem@ilcsi.com
Mailing address: H-1021 Budapest, Üdülő út 37., Hungary.
We shall inform you without undue delay and at the latest within one month of receipt of the request of any measures taken further to your request, or of the reasons for not taking action. That period may be extended by two further months if the request is complex or a high number of requests is received. We will provide the information by electronic means where possible. Information and any actions taken shall be provided free of charge, unless the requests are manifestly unfounded or excessive, in particular because of their repetitive character. In such cases we may charge a reasonable fee or refuse to act on the request. We may request the provision of information necessary to confirm your identity in connection with the request. A copy of your personal data processed by us may also be requested free of charge for the first time; for any further copies, we shall charge a fee corresponding to administrative costs.
If you believe that our data processing does not comply with the law, you may lodge a complaint to the supervisory authority; you can also lodge a complaint to the supervisory authority if we fail to act upon your request without delay but within no more than a month of receipt of the request and/or we fail to notify you of the reason of the delay. The main supervisory authority of the Controllers’ headquarters in Hungary is the Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság), with its registered office at: H-1055 Budapest, Falk Miksa utca 9-11., website: www.naih.hu, phone number: +36 (1) 391-1400, email: ugyfelszolgalat@naih.hu.
You have the right to turn to court: (i) against the binding decision passed by the supervisory authority concerning you, (ii) if we fail to act upon your request without delay but within no more than a month of receipt of the request and/or we fail to notify you of the reason of the delay, (iii) if the supervisory authority neglects your complaint, has rejected your complaint although you think it was justified, or completely fails to notify you of the developments and results regarding your complaint within three (3) months, (iv) without prejudice to your right to complaint, you may turn to court if you believe that your rights under the GDPR have been violated as the processing of your data did not comply with the GDPR. Proceedings against a Controllers shall be brought before the courts of the Member State where the Controllers have an establishment (Hungary). Alternatively, such proceedings may be brought before the courts of the Member State where you have your habitual residence.
If you have suffered material or non-material damage (grievance award) as a result of violation of the GDPR, you are entitled to compensation from the Controllers or the processor for any damage suffered. We shall be exempt from liability if we prove that we are not in any way responsible for the event giving rise to the damage.
LEGAL BACKGROUND FOR PROCESSING
The Controllers process your personal data under the following laws:
1. REGULATION (EU) 2016/679 of the EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (‘GDPR’)
2. Hungarian law: Act CXII of 2011 on Informational Self-Determination and Freedom of Information (‘Privacy Act’)
3. Hungarian law: Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Business Advertising Activities (‘Business Advertising Act’)
4. Hungarian law: Act V of 2013 on the Civil Code of Hungary (‘Civil Code’)
GOVERNING LAW AND OTHER PROVISIONS
This Privacy Notice shall be governed by the laws of Hungary.
Should the laws in effect in your country impose rules on the parties which are more stringent than those in this Privacy Notice, you shall be obliged to comply with those more stringent rules. You, however, acknowledge and accept that the Controllers’ liability is based on the laws governing this Privacy Notice, and that, to the greatest extent permissible under the relevant laws and court decisions, it excludes its liability for not complying with the provisions applicable in the user’s country.
The headings herein are for convenience only; in themselves they are not sufficient to understand the details of processing. Should you have any questions not clearly answered in this Privacy Notice, please feel free to notify us thereof via the adatvedelem@ilcsi.com email address.
Ilcsi Beautifying Herbs Organic Skin Care Ltd. / ILCSI E-Commerce Ltd. / Jambrik Law Firm
15. DATA PROCESSING IN RELATION TO OUR SOCIAL MEDIA ACCOUNTS
With regard to data processing in relation to the official social media accounts (Instagram, Facebook, Youtube) of the company group, the controller is: Ilcsi Beautifying Herbs Organic Skin Care Ltd.
For what purpose are your personal data processed?
In order to operate the official social media platforms, so that we can customise our social media platforms according to customers’ demands. We process your data (as a data subject) on our social media platforms if you like or follow us, post comments or opinions or share something on our official social media platforms.
Please note that you have provided your data to the service provider operating the social media platform in question (e.g. Facebook, Instagram, Youtube), and not to us directly. Please note that the processing operations carried out by these social media sites is governed by their own privacy policies. Please remember that the contents posted on any of our official social media platforms may often be publicly available, and so be careful about what personal data you provide. Please also note that our data processing as specified in this Section applies to our official social media platforms – we have no impact on any other social media fan pages or platforms relating to the ILCSI products/brand etc.
Data subjects: users who use our social media platforms.
OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controllers’ name and contact details’ chapter or by notifying it to our data protection administrator.
What happens if you do not provide the data?
You may freely decide which data you provide on the given social media platform. We do not dispose over the data; you as the user of the given platform provide and dispose over the data. Providing the personal data is not essential for the use of the given social media platform.
The manner of erasing the data: Ilcsi Beautifying Herbs Organic Skin Care Ltd. has no influence on the above data; you can modify and/or delete them in your social media profile.
To whom we may transmit your data: The data relating to your social media activity will become known to the social media platform provider (Facebook, Instagram, Youtube) as well. Social or other content sharing websites: Please note that such social media platforms are governed by their own privacy policies, and Ilcsi Beautifying Herbs Organic Skin Care Ltd. assumes no liability in connection with that.
Within the organisation of Ilcsi Beautifying Herbs Organic Skin Care Ltd., only dedicated employees have access to personal data. Certain of your data may be transferred to the member of the group of undertakings for administrative purposes: