Soluzioni Naturali Kft.Privacy Policy

Company name: Soluzioni Naturali Kft.

Headquarters: 1025 Budapest, Csejtei Street 12/B

Company registration number: 01–09-425125

Tax number: 32458220–2‑41

Representative: Dr. Imre Bozsik, Managing Director

Telefonszám: +36–30-012‑2480

E‑mail address: soluzionikft@gmail.com

Website: www.soluzioninaturali.eu

PURPOSE OF THE DATA PROCESSING NOTICE

The data controller acknowledges the content of this legal notice as binding on itself. The purpose of this Data Protection Notice is to inform the data controller’s clients, partners and customers regarding the processing of their personal data.

The data controller processes personal data exclusively in accordance with the provisions of applicable law, in strict compliance with the requirements of data management and data protection provisions, taking into account the principles of legality, fair procedure and transparency, purpose limitation, data economy, accuracy, and limited storage.

The data controller takes all technical and organizational measures to process the personal data of its partners securely, in a manner required by Regulation (EU) 2016/679 of the European Parliament and of the Council.

The data controller has transformed its everyday activities in accordance with the above, developed its regulations, registers, and document templates.

The data protection guidelines arising from the data controller’s data processing are continuously available at the data controller’s headquarters and website. The data controller reserves the right to change this information at any time. Of course, it will notify its audience of any changes in due time.

The data controller is committed to protecting the personal data of its customers and partners and considers it of utmost importance to respect the customers’ right to informational self-determination. The data controller treats personal data confidentially and takes all security, technical and organizational measures to guarantee the security of the data. The data controller describes its data management practices below.

PERSONAL, SUBJECT AND TEMPORAL SCOPE OF THE DATA PROCESSING NOTICE

The personal scope of this Data Protection Notice extends to the data controller, as well as to those natural persons whose data is included in the data processing operations covered by this Notice, as well as to those persons whose rights or legitimate interests are affected by the data processing.

The scope of the Notice covers all data processing arising during the data controller’s activities, except for so-called internal data processing (e.g. related to employees), which is regulated in the data controller’s Data Processing Policy.

This Notice shall enter into force on 24.01.2025 and shall be valid for an indefinite period.

DEFINITIONS OF MORE IMPORTANT TERMS

Personal data: any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, a number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Special data: all data falling within special categories of personal data, i.e. personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data for the unique identification of natural persons, health data and personal data concerning the sex life or sexual orientation of natural persons.

Data processing: any operation or set of operations which is performed on personal data or data files, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction or destruction.

Data controller: the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Data processor: the natural or legal person, public authority, agency or any other body which processes personal data on behalf of the data controller.

Joint data controllers: if the purposes and means of data processing are determined jointly by two or more data controllers, they are considered joint data controllers.

Third party: a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct control of the controller or processor, are authorised to process personal data.

Consent of the data subject: any freely given, specific, adequately informed and unambiguous indication of the data subject’s wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data concerning him or her.

Data protection incident: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored, or otherwise processed.

Lawful data processing by the data controller:

The data controller processes personal data only in the following cases:

if the data subject has given consent to the processing of his or her personal data for one or more specific purposes,

the data processing is necessary for the performance of a contract to which the data subject is a party,

the data processing is necessary for the fulfillment of a legal obligation to which the data controller is subject,

the processing is necessary to protect the vital interests of the data subject or another natural person,

the data processing is necessary for the purposes of the legitimate interests of the data controller or a third party.

The data controller examines the lawfulness of data processing at every stage of its activity and only processes data for as long as it can justify its purpose and legal basis. If the conditions for a legal basis cease to exist, data processing can only be continued if the data controller can justify another appropriate legal basis.

The main rule for proving legal grounds is that they must be in writing. Even in the case of a legal ground established by inductive conduct, it must be examined whether it can be clearly proven afterwards. In case of doubt, with regard to the aspects of reasonableness and economy, efforts should be made to confirm in writing the data processing established by inductive conduct.

In the case of data processing based on consent, the data subject gives written consent to the processing of his or her personal data. Consent is not subject to formal requirements, but subsequent provability requires written consent on paper or electronically.

Data processing based on the legal basis of fulfilling a legal obligation is independent of the consent of the data subject, as data processing is determined by law.

Regardless of the mandatory nature of data processing, the individual concerned must be informed before the start of data processing that the data processing is mandatory and cannot be avoided, and the individual concerned must be provided with clear and detailed information about all significant facts related to the processing of his or her data before the start of data processing.

According to the GDPR (General Data Protection Regulation), personal data may also be processed if the processing is necessary for the performance of a contract to which the individual concerned is a party, or if the processing or collection of data is necessary to take steps at the request of the individual concerned prior to entering into a contract. The controller may process personal data for the purpose of concluding, performing or terminating the contract on the legal basis of performance of the contract.

PROCESSING OF PERSONAL DATA BY THE DATA CONTROLLER

The data controller is a legal entity primarily engaged in the production and distribution of microbiological products. In the course of carrying out these activities, it may come into contact with the personal data of natural persons. The data controller carries out the following data processing activities:

The data controller’s contractual partners in its manufacturing, distribution and consulting service activities and in its cooperation with reseller partners, customers and regional representatives may be both private individuals and legal entities.

The conclusion of the contract is preceded by a request for a quote in the form of an e‑mail message using the contact form on the controller’s website ( soluzioninaturali.eu ). The client provides his/her name, telephone number, e‑mail address, to which the controller sends the relevant quote. If the quote is rejected, the data subject’s personal data will be deleted immediately, but no later than within 3 working days. The legal basis for the processing of personal data is the conclusion of the contract (Article 6(1)(b) of the General Data Protection Regulation). If the data subject orders the offered service, a contract will be concluded. Upon conclusion of the contract, the controller will acquire additional personal data of individuals (partners, representatives and contact persons). The legal basis for data processing is the fulfillment of the obligation assumed in the contract (Article 6(1)(b) of the General Data Protection Regulation), in the case of a contact person of a legal person, the consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation). The data controller issues an invoice for the consideration of the contractual service provided by it, depending on the service provided. The invoice contains the name, address and possibly the tax number of the customer. Issuing the invoice is the obligation of the data controller set out in the law. The legal basis for the processing of personal data included in the invoice is the fulfillment of a legal obligation (Article 6(1)© of the General Data Protection Regulation). The data controller stores the personal data included in the invoice for 8 years, in compliance with the retention obligation set out in Section 169 of the Accounting Act.

You can apply for professional advice available on the data controller’s website at the data controller’s e‑mail address provided in this information. When applying, the data controller asks for the client’s name, e‑mail address and telephone number. The data controller processes personal data in order to arrange an appropriate appointment for the client and to ensure contact in the event of a change in appointment.

The legal basis for the processing of personal data obtained by the controller in this way is the conclusion of the contract (Article 6(1)(b) of the General Data Protection Regulation). If the data subject does not use the controller’s service at the agreed time, the controller shall delete the personal data without delay, but no later than within 3 working days. The legal basis for the processing of personal data during the use of the service is the fulfillment of the obligations assumed in the contract (Article 6(1)(b) of the General Data Protection Regulation). The controller may issue an invoice to the client for the consideration for the service provided by it, depending on the service provided. The invoice shall contain the client’s name, address and, in the case of a legal entity, its tax identification number. The legal basis for the processing of personal data is the fulfillment of a legal obligation (Article 6(1)© of the General Data Protection Regulation). The data controller stores the personal data on the invoice for 8 years, in compliance with the retention obligation set out in Section 169 of the Accounting Act.

After filling out the contact form – i.e. providing their name and email address – the interested party has the opportunity to download short, PDF-formatted information materials in English and Hungarian for each product. The purpose of processing personal data is to contact the person who downloaded the information material. If a contractual relationship with the interested party regarding a product manufactured or distributed by the data controller is not established within 6 months of downloading the information material, the data controller will delete the personal data no later than 3 working days after the expiry of the six months. The legal basis for processing personal data that the data controller has become aware of in this way is the conclusion of the contract (Article 6 (1) paragraph b) of the General Data Protection Regulation) and the prior informed consent of the interested party. By filling out the form, the data subject declares that he/she has read the data controller’s Data Protection Notice and has taken note of its contents.

The data controller, in connection with its commercial activities, during the sale of products produced or distributed by it, personally or through soluzionikft@gmail.com accepts orders via e‑mail address. Customers can be both private individuals and legal entities. In the case of an order, the data controller requests the customer’s name (in the case of a legal entity, the name of the contact person and the tax number of the legal entity), address, e‑mail address, and telephone number. The legal basis for the processing of personal data is the fulfillment of the obligations assumed in the contract (Article 6 (1) paragraph b) of the General Data Protection Regulation). In the case of a legal entity, the personal data of the contact person is processed, which is based on the consent of the data subject (Article 6 (1) paragraph a) of the General Data Protection Regulation). The purpose of the processing of personal data is to fulfill the obligations assumed, to maintain contact, and to send the ordered product to the data subject. The data controller issues an invoice to its customers for the consideration for the products it sells. The invoice contains the customer’s name, address, and possibly tax number. Legal basis for processing personal data, fulfillment of a legal obligation (Article 6(1)© of the General Data Protection Regulation). The data controller stores the personal data on the invoice for 8 years, in compliance with the retention obligation set out in Section 169 of the Accounting Act.

The data controller also organizes professional events, lectures, and various programs. The data controller is responsible for the programs. soluzionikft@gmail.com can be registered in the form of a message sent to the e‑mail address. During the registration, the data controller requests the client’s name, address, e‑mail address, and telephone number. The purpose of data processing is to complete the registration for the event, to ensure the possibility of keeping in touch with the data subject, and to organize the program. The legal basis for the processing of personal data is the fulfillment of the obligations assumed in the contract (Article 6 (1) paragraph b) of the General Data Protection Regulation). The data controller issues an invoice to the client for the amount of the possible participation fee. The invoice contains the client’s name, address, and, in the case of a legal entity, its tax number. The legal basis for the processing of personal data is fulfillment of a legal obligation (Article 6 (1) paragraph c) of the General Data Protection Regulation). The data controller stores the personal data on the invoice for 8 years, in compliance with the retention obligation set out in Section 169 of the Accounting Act.

The personal data of speakers, experts and professionals participating in the events may also be processed during the organization and promotion of the event. Since the data controller has a contractual relationship with the speaker, the legal basis for the processing of personal data is the fulfillment of the obligation assumed in the contract (Article 6 (1) (b) of the General Data Protection Regulation). The data controller processes personal data exclusively for the purpose of organizing the program and maintaining contact with the speaker. The name and image of the speaker or professional may be displayed in advertisements and information posts about the event on the data controller’s website. For this, the data controller requests the consent of the data subject. The legal basis for the processing of data is therefore the consent of the data subject (Article 6 (1) (a) of the General Data Protection Regulation).

In the course of performing its tasks, the data controller processes the e‑mail addresses and telephone numbers of its clients, partners and customers, in order to fulfill its contractual obligations (Article 6(1)(b) of the General Data Protection Regulation), or pursuant to their individual consent (Article 6(1)(a) of the General Data Protection Regulation).

In the course of its work, the data controller may also have contractual relationships with subcontractors, suppliers and other service providers, which also provide a basis for the processing of personal data. In this case, the legal basis for the processing of personal data (in the case of a natural person or a sole proprietor) is the performance of the obligation assumed in the contract (Article 6(1)(b) of the General Data Protection Regulation), or the explicit, prior informed consent of the data subject in relation to the personal data of the contact person of a legal person (Article 6(1)(a) of the General Data Protection Regulation).

If natural persons applying to the data controller submit a CV to the company, personal data processing also takes place in relation to the personal data included in the CV. The legal basis for data processing is the consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation).

The data controller primarily presents its activities, services and products on its own website (www.soluzioninaturali.eu). The website does not use cookies during its operation, so this type of personal data processing does not take place.

On the website, the visitor to the site has the opportunity to contact the data controller using a contact form. The form must contain the name and e‑mail address of the interested party. The purpose of the processing of personal data is to contact the visitor to the site and the person interested in the services and products of the data controller. If the service is not used or a product is not ordered within 6 months after the contact, the personal data of the interested party will be deleted within 3 working days after the 6 months have elapsed. The data controller processes personal data for the purpose of concluding a contract, on this legal basis (Article 6 (1) paragraph b) of the General Data Protection Regulation). By completing the form, the data subject declares that he/she has read the Data Controller’s Data Processing Information and has taken note of its contents.

The data controller occasionally takes photos or videos of its customers, partners, and event participants. If a recognizable individual is seen in the recording, the recording will be made and used – on the data controller’s website or in connection with other appearances – only with the written, informed, prior, voluntary consent of the data subject. The legal basis for data processing is the data subject’s consent (Article 6(1)(a) of the General Data Protection Regulation).

The consent of the data subject is not required for the recording and the use of the recorded recording in the case of mass recording and recording of public appearances.

When handling complaints related to the data controller’s activities, the purpose of data management is to enable the communication of the complaint, identify the data subject and his/her complaint, record data that must be recorded by law, and investigate the complaint and maintain contact related to its resolution.

In the event of a complaint, the processing of personal data is mandatory – pursuant to Act CLV of 1997 on Consumer Protection. According to this, the legal basis for the processing of personal data is the fulfillment of a legal obligation (Article 6 (1) © of the General Data Protection Regulation).

The data controller keeps a data processing record of the above-mentioned data processing. The record also includes the deadlines for the deletion of personal data. The record is an annex to this Data Processing Notice.

DATA PROCESSORS IN RELATION TO THE DATA CONTROLLER

If data processing is carried out on behalf of the data controller, the data controller may only use data processors that provide adequate guarantees for compliance with the requirements of the General Data Protection Regulation or implement appropriate technical and organizational measures to ensure the protection of the rights of data subjects.

The data controller hereby declares that in the course of its work it only contacts data processors who have adequate guarantees of compliance with the GDPR regulation and the implementation of appropriate technical and organizational measures to ensure the protection of the rights of data subjects. The relevant statements of the data processors are available.

By reading and acknowledging this Data Protection Notice, the data subjects agree that the data controller will transfer their personal data to the data processors and joint data controllers listed below.

Data processor is the accounting firm employed by the data controller:

SEE YOU Limited Liability Company ( registered office: 6400 Kiskunhalas, Bethlen G tér 6. I. floor 5., tax number 24889166–2‑03 )

The data controller’s partner in relation to the issuance of invoices:

KBOSS. hu Trading and Service Limited Liability Company – registered office: 1031 Budapest, Záhony utca 7., adószám. 13421739–2‑41.

Mozaik Integrated Management System – registered office: 5500 Gyomaendrőd Rákóczi F. utca 3., tax number: 11055011–2‑04

The data processor (and also an independent data controller in the performance of its tasks) is the courier company employed by the data controller:

GLS HUNGARY KFT. registered office: 2351 Alsónémedi, GLS Europe Street 2., 06 29 886–700, info@gls-hungary.com

The company hosting the controller’s website is also considered a data processor:

Company name: Websupport Magyarország Kft.
Headquarters: 1132 Budapest, Victor Hugo utca 18–22.
Tax number: 25138205–2‑43
Company registration number: 01–09-381419
Community tax number: HU25138205
Bank account number: 12011179–01395626-00100003 – Raiffeisen Bank Zrt.
IBAN code: HU38 1201 1179 0139 5626 0010 0003
Phone: +36 1 700 4140
E‑mail address: info@tarhelypark.hu

A partner cooperating with the data controller who maintains the data controller’s website is also considered a data processor:

Company name: Osztheimer Balázs Gábor EV.
Headquarters: 8800 Nagykanizsa, Ifjúság utca 23.
Tax number: 56423057–1‑40

The server of the data controller’s email system is also a data processor:

Company name: Google LLC
Headquarters: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Company registration number: Delaware államban bejegyezve, cégjegyzékszám: 3582691
Tax number: US EIN: 77–0493581

The operator of the logistics system used by the data controller is considered a data processor:

Mozaik Integrated Management System registered office: 5500 Gyomaendrőd Rákóczi F. utca 3. – registered office: 5500 Gyomaendrőd Rákóczi F. utca 3., tax number: 11055011–2‑04

When storing data in a cloud-based online database, the service provider is considered a data processor:

Name: Meta Platforms Technologies Ireland Limited

Address: MERRION ROAD, DUBLIN 4, D04 X2K5, IRELAND

Services related to the META Platform: Gmail, Google meet, Google workspace, Google drive

The data controller also forwards its customers’ personal data to the National Tax and Customs Office.

The contracted data processing and data management partners process the partners’ personal data exclusively on the basis of instructions given by the data manager (except for the application of legal requirements) and under an obligation of confidentiality.

DATA PROCESSING RELATED TO CONTRACTS CONCLUDED BY THE DATA CONTROLLER

Customer contracts:

In the context of the data controller’s services and activities, its contractual partners in cooperation with reseller partners, customers and regional representatives can be both private individuals and legal entities. The conclusion of the contract is preceded by a request for a quote sent by SMS to the telephone number provided in this information or in the form of a message to the data controller’s e‑mail address specified in this information. The client provides his name, telephone number and e‑mail address, to which the data controller sends its relevant offer. If the offer is rejected, the data subject’s personal data will be deleted immediately, but no later than within 3 working days. The legal basis for the processing of personal data is the conclusion of the contract (Article 6 (1) (b) of the General Data Protection Regulation). If the data subject orders the offered service, a contract will be concluded. Upon conclusion of the contract, the data controller will receive additional personal data of the private individuals (partners and contacts). The legal basis for data processing is the fulfillment of the obligation assumed in the contract (Article 6(1)(b) of the General Data Protection Regulation), or the consent of the data subject in the case of a contact person of a legal entity (Article 6(1)(a) of the General Data Protection Regulation). The data controller issues an invoice for the consideration of the service provided by it under the contract. The invoice contains the name, address and, in the case of a legal entity, the tax number. Issuing the invoice is the obligation of the data controller set out in the law. The legal basis for the processing of personal data included in the invoice is the fulfillment of a legal obligation (Article 6(1)© of the General Data Protection Regulation). The data controller stores the personal data included in the invoice for 8 years, in compliance with the retention obligation set out in Section 169 of the Accounting Act.

In connection with the data controller’s commercial activities, during the sale of products produced or distributed by it, orders are placed at the e‑mail address provided in this information. Customers can be both private individuals and legal entities. In the case of an order, the data controller requests the customer’s name (in the case of a legal entity, the name and tax number of the contact person), address, e‑mail address, and telephone number. The legal basis for the processing of personal data is the fulfillment of the obligations assumed in the contract (Article 6 (1) paragraph b) of the General Data Protection Regulation). In the case of a legal entity, the personal data of the contact person is processed, which is based on the consent of the data subject (Article 6 (1) paragraph a) of the General Data Protection Regulation). The purpose of the processing of personal data is the fulfillment of the obligations assumed, maintaining contact, and sending the ordered product to the data subject. The data controller issues an invoice to its customers for the consideration for the products sold by it. The invoice contains the customer’s name, address, and possibly tax number. Legal basis for processing personal data, fulfillment of a legal obligation (Article 6(1)© of the General Data Protection Regulation). The data controller stores the personal data on the invoice for 8 years, in compliance with the retention obligation set out in Section 169 of the Accounting Act.

Supplier contracts:

The data controller may also manage the contact details of suppliers (name, e‑mail address, telephone number) and may also be in contact with service providers and subcontractors. In order to maintain contact with partners, personal data may also be processed in these cases (personal data of the contact person or the natural person, sole proprietor). The legal basis for the processing of personal data is the fulfillment of the obligation assumed in the contract (Article 6 (1) (b) of the General Data Protection Regulation), or the consent of the contact person (Article 6 (1) (a) of the General Data Protection Regulation).

The data controller completes a consent declaration with the company’s contact persons, informing them of their rights related to personal data and requesting their consent to process their data. In such cases, the legal basis for the processing of personal data is the data subject’s express, written, and appropriately informed consent to the data processing (Article 6(1)(a) of the General Data Protection Regulation). If the contract concluded with the partner has been terminated and the statutory retention obligation does not apply to the retention of data and documents, the telephone numbers and e‑mail addresses will be deleted. The data controller stores the personal data included in the contract and on the invoice for 8 years, in compliance with the retention obligation set out in Section 169 of the Accounting Act.

Handling of invoices issued to customers and the personal data contained therein:

The data controller issues an invoice to its customers and clients for the consideration for the services provided and products sold under the contract. The invoice contains the name, address and, in the case of a legal entity, the tax number of the customer. The invoice is issued by the data controller in order to fulfill a legal obligation. The legal basis for the processing of personal data included in the invoice is fulfillment of a legal obligation (Article 6(1)© of the General Data Protection Regulation). The data controller stores the personal data recorded in this way for 8 years, in compliance with the retention obligation set out in Section 169 of the Accounting Act.

Children’s data, processing of special categories of personal data:

The data controller intends to sell its services and products exclusively to persons over the age of 18.

The data subject declares that he/she is over 16 years of age when submitting his/her CV on the data controller’s website. A person under the age of 16 may not apply in this way, given that the validity of the legal declaration containing his/her consent to data processing under Article 8(1) of the General Data Protection Regulation (GDPR) requires the permission of his/her legal representative. The data controller is not able to verify the age and entitlement of the person giving his/her consent, so the data subject guarantees that the data provided is true.

The data controller does not record any sensitive data brought to the attention of the data controller or made available to it. If such data has entered any of its systems without the data controller’s knowledge, it will be deleted from the system immediately upon detection.

Retention of names, email addresses, and phone numbers by the data controller:

In the course of its activities, the data controller also learns the e‑mail addresses and telephone numbers of its partners, customers and clients. The personal data entered into its system in this way is processed primarily in order to fulfill its contractual obligations (Article 6 (1) paragraph b) of the General Data Protection Regulation). If the contract concluded with the partner has been terminated and the statutory retention obligation does not apply to the retention of data and documents, the telephone numbers and e‑mail addresses will be deleted. In some cases, the data controller still has a legitimate interest in retaining the data, in which case it requests the data subject’s express and written consent to the retention of his or her personal data (Article 6 (1) paragraph a) of the General Data Protection Regulation).

Processing of applications and CVs received by the data controller:

Natural persons applying for the position of data controller may submit a CV to the company. If the CV is submitted because the data controller is looking for an employee and has advertised the position, the CV may only be used in connection with that position.

If the applicant did not meet the conditions for the advertised position and another candidate was selected, the CV will be destroyed immediately. The data controller may only retain the application based on the explicit, unambiguous and voluntary consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation), provided that its retention is necessary to achieve the purpose of the data processing.

Az adatkezelő „anonim” álláshirdetéseket (azok az álláshirdetések, amelyekben a munkáltató nem tűnteti fel a nevét, ezért az álláspályázat elküldésének időpontjában a jelentkezők nem lehetnek tisztában azzal, hogy mely munkáltatónak az állására jelentkeznek) nem ad fel, ugyanis ez ellentétes az adatkezelő kilétére vonatkozó előzetes tájékoztatás követelményével. Az adatkezelő, amennyiben álláshirdetést ad fel, minden esetben tájékoztatja az érintetteket kilétéről.

If the applicant has voluntarily sent a CV to the data controller without advertising, he/she declares whether he/she consents to the processing of personal data by the data controller. Submitting a CV does not mean that the data subject also consents to the data controller retaining his/her application materials. It is also important that the data controller may use the CV only in relation to the vacancies indicated by the job applicant. CVs are stored for a standard period of 3 months, unless the data subject provides a longer period in his/her consent.

When assessing a job application, the data controller will only check and obtain information from the applicant’s profile page on the social network if the data subject has been informed of this in advance. Even in such cases, it will only view public data and will only use information that is relevant to the job application or the position for which it is being selected. Under no circumstances will the data controller save, store or forward the applicant’s profile page to a third party.

If the data subject is not selected for the given position, the data controller will inform him/her of this and the reason for the rejection.

Taking photos and videos at the data controller:

The consent of the data subject is not required for the recording and the use of the recorded recording in the case of mass recording and recording of public appearances.

If the data subject withdraws consent and requests the termination of the use of the recording, or the deletion of the recording, the data controller will comply with this request immediately.

DATA CONTROLLER’S WEBSITE

On the data controller’s own website ( www.soluzioninaturali.eu ) presents its activities, services and the products it manufactures and distributes to interested parties.

The data controller’s website does not use cookies during its operation, so this type of personal data processing does not take place.

Personal data processing when using the contact form:

On the website, the visitor to the site has the opportunity to contact the data controller using a contact form. The form must contain the name and e‑mail address of the interested party. The purpose of the processing of personal data is to contact the visitor to the site and the person interested in the services and products of the data controller. If the service specified in the contract is not used or the product is not ordered within 6 months after the contact, the personal data of the interested party will be deleted within 3 working days after the 6 months have elapsed. The data controller processes personal data for the purpose of concluding the contract, on this legal basis (Article 6 (1) paragraph b) of the General Data Protection Regulation). By completing the form, the data subject declares that he/she has read the data controller’s Data Processing Information and has taken note of its contents.

Personal data processing when using cloud-based applications:

The data controller primarily uses cloud-based services for storing, backing up and sharing documents. The common feature of such services is that they are not provided by the user’s computer, but by a remote server, a server center that can be located anywhere in the world. Online storage also provides such a service. The great advantage of cloud applications is that they provide highly secure, flexibly expandable IT storage and processing capacity that is essentially independent of geographical location.

In these cases, the cloud service provider can be considered a data processor who processes personal data on behalf of the data controller. Cloud service providers are obliged to treat personal data confidentially and may only process data on the instructions of the data controller.

The data controller selects its cloud service providers with the greatest possible care, takes all generally expected measures to conclude contracts with them that also take into account the data security interests of its clients and customers, makes their data management principles transparent to them, and regularly checks data security.

Cloud-based storage spaces are password-protected, and only the data manager can access the data stored there.

The data controller’s partners expressly consent to the data transfer necessary for the use of cloud-based applications by accepting this Data Protection Notice. The legal basis for data processing is the consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation).

Handling complaints related to the activities of the data controller:

The data controller will retain the minutes of the complaint and a copy of the response for 5 years, and will process personal data based on this during this period.

Security of data processing:

The data controller undertakes to ensure the security of the data, to take technical and organisational measures and to maintain procedural rules that ensure that the data recorded, stored and processed are protected and to prevent their destruction, unauthorised use and unauthorised modification. It also undertakes to call on all third parties to whom the data is transmitted or transferred to comply with the data security requirements.

The data controller ensures that unauthorized persons cannot access, disclose, transmit, modify or delete the data processed. The data processed may only be accessed by the data controller and the data processor(s) used by it, and it shall not be passed on to third parties who are not authorized to access the data.

The data controller pays special attention to the security of the personal data of its customers and customers. It acts in full compliance with legal provisions and requires this from all its partners. The protection of personal data includes physical data protection (storing documents in a lockable room and cabinet) as well as IT protection (using antivirus, firewall, password protection).

The data controller stores the personal data provided by the data subject primarily on the servers of the data processor(s) specified in this Data Management Notice equipped with standard protection systems, partly on its own IT equipment, and in the case of paper data carriers, at its registered office, in a properly locked manner.

The data subjects acknowledge and accept that when providing their personal data, the protection of the data cannot be fully guaranteed on the internet and in computer systems. In the event of unauthorized access or disclosure of data, despite the efforts of the data controller, it is necessary to proceed as described in this notice.

Rights of those affected by data processing:

Transparent information:

This Data Management Notice also serves the purpose of providing clear, concise, transparent and understandable information about the data management activities applied by the data controller.

Access rights:

The data subject has the right to receive feedback from the data controller as to whether his or her personal data is being processed and, if such processing is taking place, he or she has the right to access the personal data and the following information:

the purpose of data processing,

the categories of personal data concerned,

the recipients to whom the personal data were disclosed,

the planned period of storage of personal data.

You can request information about the above data from the data controller at the following address or e‑mail address:

Soluzioni Naturali Kft. – Hungary 1025 Budapest, Csejtei street 12/B

E‑mail: soluzionikft@gmail.com

The data controller hereby informs you that it will respond to your request within 30 days. Requests for information sent by post will be responded to by post, and requests sent by email will be responded to by email.

Right to rectification:

The data subject has the right to have the data controller correct inaccurate personal data concerning him or her, at his or her request.

You can request information about the above data from the data controller at the following address or e‑mail address:

Soluzioni Naturali Kft. – Hungary 1025 Budapest, Csejtei street 12/B

E‑mail: soluzionikft@gmail.com

Right to rectification:

The data subject has the right to obtain from the controller the erasure of personal data concerning him or her. The controller is obliged to erase the personal data upon request if one of the following grounds applies:

the personal data are no longer necessary for the purpose for which they were collected,

the data subject withdraws their previously given consent and there is no other legal basis for the data processing,

the data subject objects to the data processing and there are no overriding legitimate grounds for the data processing,

the personal data has been processed unlawfully,

the data must be erased to comply with a legal obligation under EU or Member State law.

You can request information about the above data from the data controller at the following address or e‑mail address:

Soluzioni Naturali Kft. – Hungary 1025 Budapest, Csejtei street 12/B

E‑mail: soluzionikft@gmail.com

Right to restrict data processing:

The data subject has the right to request that the data controller restrict data processing, primarily if:

disputes the accuracy of the data,

considers the data processing unlawful, but for some reason does not request the deletion of the data.

You can request information about the above data from the data controller at the following address or e‑mail address:

Soluzioni Naturali Kft. – Hungary 1025 Budapest, Csejtei street 12/B

E‑mail: soluzionikft@gmail.com

Right to data portability:

The data subject has the right to receive the personal data concerning him or her in a structured, commonly used and machine-readable format and has the right to transmit these data to another controller.

You can request information about the above data from the data controller at the following address or e‑mail address:

Soluzioni Naturali Kft. – Hungary 1025 Budapest, Csejtei street 12/B

E‑mail: soluzionikft@gmail.com

In the event of a data breach, the data security breach must be of a serious nature, meaning that the breach must be of a degree that the personal data:

with its destruction,

with the loss,

by changing it,

unauthorized disclosure or

associated with unauthorized access.

An incident is considered to be one of the above, but this does not exclude the possibility of several points occurring simultaneously. This does not only include intentional, malicious behavior, but also injuries caused by negligence. An incident therefore occurs when it is caused by an accident or an unlawful act.

Examples of data breaches include:

illegal transmission of personal data on a document, portable device, data carrier or IT system (e.g. by mail),

unauthorized access to an IT system or application that processes personal data,

damage to or loss of part or all of a database containing personal data,

the unusability of part or all of the IT system due to a virus or other malicious software, etc.

In the absence of appropriate and timely action, a data breach may cause physical, material or non-material damage to natural persons, including loss of control over their personal data or restriction of their rights, discrimination, identity theft or misuse, financial loss, unauthorized de-identification, damage to reputation, breach of the confidentiality of personal data protected by professional secrecy, or other significant economic or social disadvantage to the natural persons concerned.

In the event of a possible data breach (unless the data breach is unlikely to result in a risk to the rights and freedoms of natural persons), the controller shall immediately notify the National Data Protection and Freedom of Information Authority. As soon as the controller becomes aware of the breach, it shall notify the breach without undue delay and, where feasible, no later than 72 hours after it has become aware of the breach. If the notification cannot be made within 72 hours, the reason for the delay shall be stated in the notification and the required information shall be provided in detail without further undue delay.

To report a data protection incident, the National Data Protection and Freedom of Information Authority operates a system created specifically for this purpose on its website, through which reports can be made electronically.

The controller shall keep records of data protection incidents, indicating the facts relating to the data protection incident, its effects and the measures taken to remedy it. The controller shall keep records of the data relating to the incidents, including their causes, the events and the scope of the personal data concerned. The records shall also include the effects and consequences of the incidents, the measures taken to remedy them and the controller’s conclusions (for example: why it believes that the incident is not reportable or, if the notification is delayed, what was the reason for the delay).

It is not necessary to notify the supervisory authority of an incident that is unlikely to result in a risk to the rights and freedoms of natural persons.

If the data breach is likely to result in a high risk to the rights and freedoms of the controller’s partners, customers and clients, we will immediately inform the affected partner. The information provided to the data subject must clearly and intelligibly describe the nature of the data breach and provide the most important information and measures.

The data subject does not need to be informed as above if any of the following conditions are met:

the controller has implemented appropriate technical and organisational protection measures and these measures have been applied to the data affected by the data breach, in particular measures that make the data unintelligible to persons not authorised to access the personal data;

the data controller has taken further measures following the data protection incident to ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialise;

In such cases, the information would require a disproportionate effort. In such cases, the data subjects should be informed by means of publicly published information or similar measures should be taken to ensure that the data subjects are informed in a similarly effective manner.

Information about the relevant legislation:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 – on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR);

Act CXII of 2011 – on the right to informational self-determination and freedom of information (Info. Act);
Act V of 2011 – on the Civil Code (Civil Code);
Act C of 2011 – on accounting (Accounting Act).

Right to go to court:

In the event of a violation of their rights, the data subject may take legal action against the data controller. The court will proceed with the case without delay.

Data protection authority procedure:

You can file a complaint with the National Data Protection and Freedom of Information Authority:

Name: National Data Protection and Freedom of Information Authority

Headquarters: 1055 Budapest, Falk Miksa u. 9–11.

Mailing address: 1363 Budapest, P.O. Box 9.

Phone: 0613911400

Fax: 0613911410

E‑mail: ugyfelszolgalat@naih.hu

Website: http://www.naih.hu

RIGHT TO OBJECT (PURSUANT TO ARTICLE 21 OF THE GENERAL DATA PROTECTION REGULATION)

Az Érintett tiltakozhat személyes adatainak az általános adatvédelmi rendelet 6. cikk (1) bekezdés e), valamint f) against processing necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, including profiling based on the aforementioned provisions. In such a case, the Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.

LEGAL REMEDIES RELATED TO DATA PROCESSING

Initiation of legal proceedings

The Data Subject may take legal action against the Data Controller or, in connection with data processing operations falling within the scope of the data processor’s activities, against the data processor if, in his or her opinion, the Data Controller or the data processor acting on his or her behalf or on his or her instructions processes his or her personal data in violation of the provisions on the processing of personal data set out in law or in a binding legal act of the European Union.

The trial is within the jurisdiction of the court. The trial may also be initiated – at the choice of the Data Subject – before the court competent for the Data Subject’s place of residence or residence.

The Data Controller shall compensate for the damage caused by the unlawful processing of the Data Subject’s data or the violation of data security requirements, but shall be exempt from liability if the damage was caused by an unavoidable cause outside the scope of data processing. The Data Controller shall not compensate for the damage to the extent that it resulted from the intentional or grossly negligent conduct of the injured party. In the event of a violation of the Data Subject’s personal rights, the Data Subject may claim damages.

Initiation of official proceedings

The Data Subject at the National Data Protection and Freedom of Information Authority (1055 Budapest, Falk Miksa utca 9–11, website: http://naih.hu; postal address: 1396 Budapest, P.O. Box: 9.; telephone: +36–1‑391‑1400; fax: +36–1‑391‑1410; e‑mail: ugyfelszolgalat@naih.hu) may initiate an investigation or an official procedure in order to enforce his/her rights, citing that a violation of the law has occurred in connection with the processing of his/her personal data or that there is an immediate risk of such a violation, in particular,

if, in his/her opinion, the Data Controller restricts the enforcement of the Data Subject’s rights specified in Section 8.1 or rejects the request to enforce these rights (initiation of an investigation), and
if, in your opinion, the Data Controller, or the data processor acting on his/her behalf or on his/her instructions, violates the provisions on the processing of personal data set out in law or in a binding legal act of the European Union (request for an official procedure).

Other provisions:

The data controller will provide information about data processing not listed in this information when collecting the data. In such cases, the provisions of the applicable laws shall apply.

The data controller hereby informs its clients that courts, prosecutors’ offices, investigative authorities, misdemeanor authorities, administrative authorities, the National Data Protection and Freedom of Information Authority, the Hungarian National Bank, or other bodies authorized by law may contact the data controller to provide information, communicate or transfer data, or make documents available. The data controller will only provide the authorities with personal data to the extent and insofar as the authority has specified the precise purpose and scope of the data, which is absolutely necessary to achieve the purpose of the request.

The Data Controller processes personal data in accordance with the applicable laws for the data processing period specified in this data processing information.

The Data Subject has the right to request that the Data Controller erase personal data concerning him or her without undue delay, and the Data Controller is obliged to erase personal data concerning the Data Subject without undue delay if one of the following reasons applies:

the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
the personal data has been processed unlawfully;
the personal data must be erased for compliance with a legal obligation imposed by a binding European Union legal act or regulation applicable to the Controller;

Data cannot be deleted if data processing is necessary:

for the purpose of exercising the right to freedom of expression and information;
for the purpose of fulfilling an obligation under a binding legal act of the European Union or a law applicable to the Controller requiring the processing of personal data, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
on grounds of public interest in the field of public health in accordance with Article 9(2)(h) and (i) of the General Data Protection Regulation and Article 9(3) of the General Data Protection Regulation;
for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes in accordance with Article 89(1) of the General Data Protection Regulation, where the right to erasure would likely render impossible or seriously jeopardise such processing; or
to assert, enforce or defend legal claims.

The Data Subject may request in writing that the Data Controller restrict the processing of his/her personal data if one of the following applies:

the Data Subject disputes the accuracy of the personal data, in which case the restriction shall apply for a period of time that allows the Data Controller to verify the accuracy of the personal data;
the processing is unlawful and the Data Subject opposes the erasure of the data and instead requests the restriction of their use;
the Controller no longer needs the personal data for the purposes of data processing, but the Data Subject requires them for the establishment, exercise or defense of legal claims; or
the Data Subject has objected to the processing pursuant to Article 21(1) of the General Data Protection Regulation; in this case, the restriction shall apply for a period of time until it is determined whether the legitimate grounds of the Controller override those of the Data Subject.

If processing is restricted on the basis of the above, such personal data, with the exception of storage, may only be processed with the consent of the Data Subject, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for important public interest reasons of the European Union or a Member State.

The Data Controller shall inform the Data Subject – at whose request the data processing was restricted – in advance of the lifting of the restriction on data processing.

The website of the Data Protection Authority contains further information about the data protection rights referred to in this Data Protection Notice.

Budapest, 2025. március 03.

Dr. Bozsik Imre

Bioplant-Chemie Kft.

executive

Soluzioni Naturali Kft.Privacy Policy

Contact Information:

Feel free to Contact Us!
Soluzioni Naturali Kft. – A hozzáértő gondoskodás

General Information:

© 2025 Soluzioni Naturali Kft. Minden jog fenntartva. | Impresszum