Politique de confidentialité

INTRODUCTION

This Privacy Policy contains the conditions related to the data management of the http: //
ritaholistic.com (hereinafter: website) operated by Zefir Bt.
Zefir Bt. Is committed to the protection of the personal data of its customers and partners,
and considers it extremely important to respect the right of its customers to information
self-determination. Zefir Bt. Treats personal data confidentially and takes all security,
technical and organizational measures that guarantee the security of the data.
The data protection guidelines arising in connection with the data management of Zefir Bt.
Are continuously available at www.ritaholistic.com.
Zefir Bt. Reserves the right to change this guidelines at any time. Customers will be notified
of any changes.
The owner and operator of the website, and thus the data controller is Zefir Bt.
The Data Controller describes his data management principles below:
Our privacy policies are consistent with the privacy policies of the
national and EU legislation, in particular:

  • 2011 CXII. Act on the Right to Information Self-Determination and Freedom of Information
    (Info Act);
  • the General Data Protection Regulation of the European Union (Regulation 679/2016,
    hereinafter: GDPR);
  • Act V of 2013 – on the Civil Code (Civil Code);
  • 1997 CLV. Act on Consumer Protection (Fgytv.);
  • Act C of 2000 – on Accounting (Act on Accounting);
  • Act C of 2003 – on electronic communications (Eht.);
    Applied concepts:
  • data subject: any natural person identified or identifiable, directly or indirectly, on the basis
    of personal data;
  • personal data: data which may be contacted by the data subject, in particular his or her
    name, identification mark and knowledge of one or more physical, physiological, mental,
    economic, cultural or social identities, and the conclusion which may be drawn from the data
    subject;
  • consent: the voluntary and firm expression of the data subject’s will, based on adequate
    information and giving his or her unambiguous consent to the processing of personal data
    concerning him or her in full or in part;
  • protest: a statement by the data subject objecting to the processing of his or her personal
    data and requesting the termination of the processing or the deletion of the processed data;
  • controller: the natural or legal person or entity without legal personality who, alone or
    together with others, determines the purpose for which the data are processed, makes and
    implements decisions on data processing (including the means used) or implements them
    with the processor;
  • data management: any operation or set of operations on data, irrespective of the procedure
    used, in particular their collection, recording, recording, systematisation, storage, alteration,
    use, interrogation, transmission, disclosure, coordination or aggregation, blocking, erasure
    and destruction, and to prevent further use of the data, to take photographs, sound or
    images and to record physical characteristics (eg fingerprints or palm prints, DNA samples,
    irises) that can be used to identify the person;
  • data transfer: making the data available to a specific third party;
  • data processing: the performance of technical tasks related to data management
    operations, regardless of the method and means used to perform the operations and the
    place of application, provided that the technical task is performed on the data;
  • data processor: a natural or legal person or an organization without legal personality who,
    on the basis of a contract, including a contract concluded on the basis of a provision of law,
    processes data.
  1. DATA OF THE DATA CONTROLLER AND DATA PROCESSORS:
    1.1 Data and contact details of the data controller:
    Company name: Zefir Bt.
    Head office: 1046 Budapest Eötvös J. 26.
    Website: https://www.ritaholistic.com
    Email: inforitaholistic@gmail.com
    Tax number: 28650670-2-41
    Company registration number: 01 06 511006
    Phone number: +36 20 967 3809
    Privacy requests: If you have any requests or questions regarding data processing, you can
    send your request by post or electronically to the following addresses:
    1046 Budapest Eötvös J. 26.
    inforitaholistic@gmail.com
    We will send our answers without delay, but within 30 days to the address you requested.
    1.2. Personal data may be transferred to the following organizations for data processing:
    Hosting provider
  2. Activity performed by data processor: Hosting service
  3. Name and contact details of the data processor:
    GoDaddy Operating Company, LLC
    Head office: 14455 N. Hayden Rd., Ste. 226
    Scottsdale, AZ 85260 EE. UU.
    Email address: HQ@godaddy.com
    Website: http://godaddy.com
  4. Fact of data management, scope of data processed: Provided by the data subject on the
    website
    all personal information.
  5. Stakeholders: All stakeholders who use the website.
  6. The purpose of data management: To make the website available and to operate it
    properly.
    Accounting tasks, invoicing
  7. Activity performed by a data processor: accounting tasks, invoicing
  8. Name and contact details of the data processor: Zefir Bt.
    Head office: 1046 Budapest Eötvös J. 26.
    Website: https://www.ritaholistic.com
  9. The fact of data management, the scope of the managed data: Billing name, Billing
    address, Delivery name, delivery address, data related to invoicing and payment.
  10. Stakeholders: All stakeholders who use the service after contact.
  11. Purpose of data management: Issuance of invoices / performance of accounting tasks in
    accordance with legal regulations.
  12. Duration of data management, deadline for deleting data: in the case of accounting
    documents, these data must be retained for 8 years pursuant to Section 169 (2) of the
    Accounting Act.
  13. PRESENTATION OF DATA MANAGEMENT ACTIVITIES
    2.1. The scope of personal data managed by Zefir Bt., The purpose, title and duration of the
    data processing:
    Personal data may only be processed for a specific purpose, in order to exercise a right and
    fulfill an obligation. Only personal data that is absolutely necessary for the realization of the
    purpose of data processing and suitable for the achievement of the purpose may be
    processed.
    Personal data may only be processed to the extent and for the time necessary to achieve
    the purpose.
    We will only process your personal data in accordance with applicable legal regulations and
    this document, with your express consent.
    The personal data you provide will not be verified by the Data Controller. You are solely
    responsible for the accuracy of the information provided. When you enter your e-mail
    address, you are also responsible for ensuring that only you use the service from the e-mail
    address provided.
    The data management of Zefir Bt.’s activities is primarily based on voluntary contributions.
    However, in the cases specified in the relevant legislation, the law stipulates an obligation to
    handle, store and transmit a set of the provided data. In such a case, we will inform the data
    subject directly.
    2.2 Data management of Zefir Bt
    2.2.1 Sending an online message, contacting, keeping in touch
    Purpose of data management: contact, personalized service of data subjects Legal basis of
    data processing: voluntary consent of the data subject.
    2.2.2 Issuance and storage of the invoice after using the service
    On the website https://www.ritaholistic.com it is possible to send a direct online message to the
    Data Controller by filling in the form available there, requesting a price offer or other
    information related to the services provided by the Data Controller.
    Scope of managed data by filling in the form available on the website: name, e-mail address,
    data provided by the data subject in the message
    Duration of data processing: the data recorded in connection with the completion of the form
    will be deleted no later than 30 days after the first personal meeting, or in the absence of a
    personal meeting no later than 1 year after the communication.
    The purpose of data management: to document the service and the payment, to fulfill the
    accounting obligation according to the legal regulations.
    Legal basis for data processing: Article 6 (1) (c) of the GDPR states that data processing is
    lawful if it is necessary for the fulfillment of a legal obligation to the controller. Pursuant to
    Section 169 (2) of the Accounting Act, the accounting document supporting the accounting
    accounts directly and indirectly, including the account, must be kept for at least 8 years.
    Scope of managed data: name, address, tax number.
    Duration of data management: 8 years from the date of issue of the invoice.
    2.2.3. Customer contact and other data management
    The Data Controller ensures that its customers and interested parties can contact us by
    phone or e-mail.
    Legal basis for data processing: voluntary consent of the data subject.
    The Data Controller shall delete the data provided by customers, who do not use the
    service, together with their name and e-mail address, as well as other personal data
    voluntarily provided, no later than 3 months.
    The Data Controller deletes the data (name, e-mail address and telephone number)
    recorded on the basis of voluntary consent for the purpose of contacting the customers using
    the service, no later than 1 year after the end of the use of the service.
    We store and use your information in accordance with this information when you contact us
    by e-mail or when you send us information in some other form and as a result your
    information is sent to us.
    When we transfer your personal data to a data processor, the Data Controller is responsible
    for complying with the legal regulations related to this data processing. Therefore, we will
    only transfer your data to service providers and partner companies with whom we have
    entered into a data processing contract and who undertake to protect the personal data
    received in this contract.
    Data subjects not listed in this prospectus will be notified to the data subject at the time of
    data collection. We hereby inform our clients that the court, the prosecutor’s office, the
    investigating authority, the infringement authority, the administrative authority, the National
    Data Protection and Freedom of Information Authority (NAIH) and other bodies authorized
    by law may contact the data controller to provide information, delete data and transfer
    documents. . If the authority has indicated the exact purpose and scope of the data, the Data
    Controller shall release personal data only to the extent that is absolutely necessary for the
    realization of the purpose of the official request.
    2.3. Use of cookies
    In order to provide customized service on the website of https://www.ritaholistic.com, the Data
    Controller installs a small data package on the user’s computer, the so-called places a
    cookie and reads it back at a later visit. If the browser returns a previously saved cookie, the
    cookie provider has the option to link the user’s current visit to the previous ones, but only for
    their own content. The cookie contains a clear letter / number combination that identifies the
    browser you are using. These cookies are only temporarily stored on your computer and are
    only transferred to the IT tools of the Data Controller when you visit our pages.
    The purpose of this type of data management is to identify and differentiate between users,
    to identify the current workflow of users, to store the data provided during it, to prevent data
    loss, and to perform web analytics measurements. You can check, delete and determine the
    way cookies are stored on your computer using your browser settings.
    Cookies are used with the consent of the data subject.
    The scope of the managed data: identification number, date, time, the previously visited
    page.
    Duration of data management: the period until the end of the relevant visitor session.
    You may disable the use of cookies in your browser, as this may mean that some features of
    the websites marked here are not available to you at all.
    2.4. Log Files
  • the IP address of the device used by the user,
  • the website from which the user visits us (link location),
    When a user visits our website, we store the following technical information in so-called log
    files for security reasons:
  • the time and duration of your visit to our website,
  • type and settings of the browser and operating system used by the user.
  1. DATA SECURITY
    (a) accessible only to authorized persons (availability);
    b) its authenticity is ensured (authenticity of data management);
    (c) its integrity can be demonstrated (data integrity);
    (d) be protected against unauthorized access (data confidentiality).
    (a) confidentiality: it protects the information so that only those who have access to it can
    access it; as well as provides
  2. RIGHTS OF STAKEHOLDERS
    4.1. Right to information:
    We store data for up to 30 days as a technical precaution to protect our data processing
    system from unauthorized access.
    The Data Controller selects and operates the IT tools used to manage personal data during
    the provision of the service in such a way that the managed data:
    The Data Controller ensures the protection of the security of data management with
    technical and organizational measures that provide a level of protection appropriate to the
    risks related to data management. The Data Controller retains it during data management
    (b) integrity: protects the accuracy and completeness of the information and the method of
    processing;
    (c) availability: ensuring that, when the authorized user needs it, he has effective access to
    the information required and that the means to do so are available. The IT system and
    network of the Data Controller are protected against computer-assisted fraud, espionage,
    sabotage, vandalism, fire and flood, as well as against computer viruses and computer
    intrusions. The operator ensures security with server-level and application-level protection
    procedures. In relation to your personal data, the data subject has the rights specified by
    law.
    The data subject may request information on the processing of his / her personal data and
    request the correction or deletion of his / her personal data, with the exception of mandatory
    data processing, exercise his / her right to carry data and protest in the manner indicated at
    the time of data collection.
    The data subject may request information on the processing of his / her personal data, he /
    she is not obliged to justify his / her request.
    The Data Controller shall endeavor to obtain all information specified in Articles 13 and 14 of
    the GDPR and Articles 15 to 32. and 34 shall provide all relevant information in a concise,
    transparent, comprehensible and easily accessible form, in a clear and comprehensible
    manner, to the data subject.
    4.2. The data subject’s right of access:
    The data subject has the right to receive feedback from the data controller as to whether the
    processing of his or her personal data is in progress and, if such data processing is in
    progress, he or she has the right to access the personal data and the following information:
    purposes of data processing; the categories of personal data concerned; the recipients or
    categories of recipients to whom the personal data have been or will be communicated,
    including in particular recipients in third countries or international organizations; the intended
    period for which the personal data will be stored; the right to rectify, erase or restrict data
    processing and to protest; the right to lodge a complaint with the supervisory authority;
    information on data sources; the fact of automated decision-making, including profiling, and
    comprehensible information on the logic used and the significance of such data
    management and the expected consequences for the data subject. The controller shall
    provide the information no later than one month after the submission of the request.
    4.3. Right of correction:
    The data subject may request the correction, correction or supplementation of the personal
    data managed by the Data Controller.
    4.4. Right to delete and forget:
    In the event of any of the following cases, the data subject has the right to have the personal
    data concerning him or her deleted by the Data Controller without undue delay:
  • personal data are no longer required for the purpose for which they were processed,
  • the data subject withdraws his or her consent, which is the legal basis of the data
    processing, and the data processing has no other right,
  • the data subject objects to the processing of his or her data and there is no other legitimate
    overriding reason for the processing,
  • personal data have been processed unlawfully,
  • personal data must be deleted in order to comply with a legal obligation imposed on the
    controller by Union or Member State law.
    Deletion of data may not be initiated if the processing is necessary: for the purpose of
    exercising the right to freedom of expression and information; for the purpose of fulfilling an
    obligation under Union or Member State law governing the processing of personal data or
    performing a task carried out in the public interest or in the exercise of official authority
    vested in the controller; in the field of public health, or for archival, scientific and historical
    research or statistical purposes, in the public interest; or to bring, assert or defend legal
    claims.
    4.5. Right to restrict data processing:
    At the request of the data subject, the Data Controller shall restrict the data processing if, in
    the case of one of the following conditions:
  • the data subject disputes the accuracy of the personal data, in which case the restriction
    shall apply for the period during which the personal data are checked,
  • in the event of unlawful data processing, the data subject opposes the erasure of the data
    and instead requests that their use be restricted,
  • the controller no longer needs the personal data for the purpose of processing the data, but
    the data subject requests them in order to make, enforce or protect legal claims, or
  • the data subject has objected to the processing, in which case the restriction shall apply for
    as long as it is established whether the legitimate reasons of the controller take precedence
    over the legitimate reasons of the data subject.
    Where processing is restricted, personal data other than storage may be processed only
    with the consent of the data subject or for the purpose of bringing, enforcing or protecting
    legal claims or protecting the rights of another natural or legal person in the important public
    interest of the Union or a Member State.
    The Data Controller shall inform the data subject in advance of the lifting of the restriction of
    data management.
    4.6. Right to carry data:
    The data subject is entitled to receive the personal data provided by the data controller:
  • in an articulated, widely used, machine-readable format,
  • authorized to transfer to another controller,
  • request the direct transfer of data to the other controller – if this is technically feasible.
    4.7. Right to protest:
    The data subject shall have the right to object at any time, for reasons related to his
    situation, to the processing of his personal data in the public interest or in the exercise of
    public authority, or to the processing of data controllers or third parties, including profiling
    based on those provisions. In the event of an objection, the controller may not further
    process the personal data, unless justified by compelling legitimate reasons which take
    precedence over the interests, rights and freedoms of the data subject or which relate to the
    submission, enforcement or protection of legal claims.
    4.8. Automated decision making in individual cases, profiling:
    The data subject shall have the right not to be covered by a decision based solely on
    automated data processing, including profiling, which would have legal effects on him or her
    or would be similarly significant.
    The above authority does not apply if the data management
  • necessary for the conclusion or performance of the contract between the data subject and
    the controller,
  • is governed by Union or Member State law applicable to the controller, which also lays
    down appropriate measures to protect the rights and freedoms and legitimate interests of the
    data subject, or
  • is based on the express consent of the data subject.
    4.9. Right of withdrawal:
    The data subject has the right to withdraw his or her consent at any time. Withdrawal of
    consent shall not affect the lawfulness of the consent-based processing prior to withdrawal.
    Revocation is only possible in the case of data processing based on voluntary consent.
  1. RULES OF PROCEDURE
    The Data Controller shall, without undue delay, but in any case within one month from the
    receipt of the request, inform the data subject in accordance with GDPR 15-22. on the action
    taken on a request pursuant to Article. If necessary, taking into account the complexity of the
    application and the number of applications, this time limit may be extended by a further two
    months.
    The controller shall inform the data subject of the extension of the time limit, indicating the
    reasons for the delay, within one month of receiving the request. If the data subject has
    submitted his / her request by electronic means, the information shall be provided by
    electronic means, unless the data subject requests it in another form.
    If the controller does not take action following the data subject’s request, it shall inform the
    data subject without delay, but no later than one month after receipt of the request, of the
    fact and reasons for non-action and of the data subject’s complaint to a supervisory authority
    and judicial review. .
    The Data Controller shall provide the requested information and information free of charge. If
    the data subject’s request is manifestly unfounded or, in particular due to its repetitive
    nature, excessive, the controller may charge a reasonable fee or refuse to act on the
    request, taking into account the administrative costs of providing the requested information
    or action or taking the requested action.
    The Data Controller shall inform all recipients to whom or with whom the personal data have
    been communicated of any rectification, erasure or restriction of data processing, unless this
    proves impossible or requires a disproportionate effort. At the request of the data subject,
    the controller shall inform the recipients.
    The Data Controller shall provide the data subject with a copy of the personal data subject to
    data processing. The controller may charge a reasonable fee based on administrative costs
    for additional copies requested by the data subject. If the data subject has submitted the
    request electronically, the information shall be provided in electronic form, unless the data
    subject requests otherwise.
  2. INDEMNIFICATION AND DAMAGE
    Anyone who suffers pecuniary or non-pecuniary damage as a result of understanding the
    data protection legislation is entitled to compensation, which the data controller or data
    processor is obliged to pay. The data processor is only liable if it has not complied with the
    legal obligations specifically imposed on the data processors or has not complied with the
    lawful instructions of the data controller. Several data controllers, or several data processors,
    or both the data controller and the data processor are involved in the same data processing
    and are liable for the damage caused during the data processing, in which case they are
    jointly and severally liable for the total damage.
  3. REMEDIES
    If the data subject’s rights are violated, he or she may take legal action against the data
    controller. The court is acting out of turn in the case. Proceedings may also be brought
    before the court of the place of residence or stay of the person concerned, at the choice of
    the person concerned. The court is acting out of turn in the case.
    Complaints can be lodged with the National Data Protection and Freedom of Information
    Authority: Name: National Data Protection and Freedom of Information Authority
    Headquarters: 1125 Budapest, Szilágyi Erzsébet avenue 22 / C.
    Mailing address: 1530 Budapest, Pf .: 5.
    Phone: 0613911400 Fax: 0613911410
    E-mail: ugyfelszolgalat@naih.hu Website: http://www.naih.hu
    Budapest, 01/06/2020