This is the Privacy Statement of Wuuff Kft, hereinafter Data Controller, as the operator of the web site available at the wuuff.dog web address.
In this Privacy Statement, Data Controller lays down its practice pertaining to the management of personal data included in the User Database of the Web Site, organizational and technical measures taken to protect data and information given of the rights of data subjects and the enforcement of such rights.
Data Controller declares to respect User's rights to privacy. In consideration of these rights and fully respecting the provisions of Act CXII of 2011 on Information Self-Determination and Freedom of Information, Data Controller shall manage and record data given voluntarily by registered User only in the extent for which User gave explicit consent.
This Privacy Statement must be considered as an inseparable part of the General Terms and Conditions that set forth the conditions of the use of the Web Site and the services available therein. Terms used in this Privacy Statement must be interpreted according to the definitions included in the General Terms and Conditions.
This Privacy Statement is applicable to the personal data provided by User for the correct operation of the advertising site. The Privacy Statement is not applicable to cases when User voluntarily discloses any of his\her personal data.
1. DATA CONTROLLER'S DATA
Name: Wuuff Kft.
Registered office: 2132 Göd, Hunyadi utca 18.
Commercial register number: Cg.13-09-184810
Name of the authority registering Data Controller: Budapest Környéki Törvényszék Cégbírósága (Budapest Environs Regional Court)
Data Controller's tax identification number: 25843480-2-13
Data Controller's telephone number: +36 30 384-5524
Service Provider's email address firstname.lastname@example.org
Data protection register number: under registration
2. MANAGED DATA
Visitors may visit the advertising site without disclosing their identity or providing any personal information. Users shall provide their personal data in order to pay a deposit, purchase a dog or on the other hand to place an advertisement of the dog for sale. Users are expected to register on the Website to pay a deposit or to purchase the dog. Data Controller asks Users to submit only such data that qualify as personal data pursuant to the definition included in Point 2, Section 3 of Act CXII of 2011 on Information Self-Determination and Freedom of Information. Data Controller does not ask Users to submit special data as defined in Point 3, Section 3 of the Act in any event.
Data submitted by User will be recorded in Data Controller's Web Site User Database.
Compulsory Personal Data to be provided by Advertiser:
● user name
● email address
● telephone or mobile number
● country and town
● kennel name
Optional Personal Data to be provided by Advertiser:
● kennel's web page
● Advertiser's facebook page
Personal data to be provided by Customer:
● user name
● email address
Data pertaining to User's habits recorded in the User Database:
● time of purchases
● amount of purchases
● proportion of the deposits
● purchased dogs and information closely related to these dogs
● time and frequency of placing advertisements
● time of visits to the page
Data recording and management shall be done on the basis of Users' voluntary, informed and explicit consent. Before finalizing a payment, Users are given the opportunity to review and accept this Privacy Statement. In order to execute a payment, Users are expected to review and accept the Privacy Statement.
Data to be managed for direct marketing purposes based on User's consent:
Data Controller may only use User's data for direct marketing purposes if User consents to such use in writing. When providing their data during registration, by checking in the appropriate checkboxes, Users consent to be contacted by Data Controller using their provided contact details via email, offers, electronic advertisements, newsletters.
Set of data specified for the case above:
● telephone number
Users may revoke the consent free of charge any time without providing justification by clicking on the relevant link in the newsletter. They can also send a specific statement of revocation to Service Provider's email address specified in Point I.
3. LEGAL GROUND OF DATA MANAGEMENT
Data management shall be carried out on the basis of Point a), Paragraph (1), Section 5 of Act CXII of 2011 on Information Self-Determination and Freedom of Information with Users' voluntary consent.
4. PURPOSE OF DATA MANAGEMENT
Data Controller shall manage personal data recorded in the User Database and purchasing and advertising habits to reach specific data management purposes. Data Controller's data management purposes:
● exercising rights pertaining to legal relations with Users, fulfilling obligations pertaining to legal relations, enforcing rights pertaining to legal relations,
● placing advertisements,
● managing advertisements,
● sending newsletters, notifications, system messages,
● executing Customer Service functions,
● providing payment services (paying a deposit for the dog or paying the full purchase price by Customer),
● providing additional services and discounts to Users utilizing advertising and payment services,
● developing services and products,
● recording and analyzing buying habits to reach all these ends.
Data Controller may not use personal data for any other purpose than indicated herein. Each phase of data management complies with this purpose.
Data Controller will not disclose personal data to third parties in any event without User's explicit consent, with the exception of cases prescribed by law or required by administrative proceedings, or if Data Controller uses subcontractors (courier or postal service providers) to fulfill his contractual obligations. In the latter case, the subcontractor performing delivery services are bound by contractual terms to use User's data only to fulfill contractual obligations. Subcontractors are not entitled to keep such data or disclose them to third parties for further use in any manner.
5. DURATION OF DATA MANAGEMENT
Data Controller shall manage and keep data only in the extent and until the time that is necessary to reach the specific purposes, or until data subjects request to erase data. Regulations may set forth the time period of managing data, and in such cases Data Controller shall manage and keep the relevant personal data for the period of time specified in the related regulations.
6. DATA DELETION
If, for some reason, the Contract concluded between Parties is not performed, User is entitled to request the deletion of his or her personal data by sending such statement to Data Controller's email address of email@example.com. Data Controller shall delete data within 5 work days upon receiving User's request, and shall inform User of the deletion via email. In case of deletion, published data may not be recovered.
7. SCOPE OF DATA PROCESSORS
Data Controller is entitled to process data.
Data Controller may disclose personal data to third parties only for the purpose of data processing. Data Processors may process personal data that came to their knowledge only according to Controller's instructions. They may not process data for their own purposes and they shall store and preserve data according to Data Controller's instructions. Data Processor may use additional data processors according to Controller's instructions.
This does not apply to occasional data transfers required by law, which may, however, take place only in extraordinary cases. Before fulfilling each data request of the authorities, Data Controller examines if the legal basis or obligation of data transfer really holds for each data.
The data and contact details of the current Data Processor of the Database are the same as Controller's data given in Section 1.
The list of Data Processors is not complete. Data Controller reserves the right to employ additional Data Processors whose names will be communicated separately the latest when they start processing data.
8. DATA SECURITY MEASURES, LIABILITY
Data of the User Database are stored on Controller's computer system.
IT tools selected by Data Controller and Data Processors are used to provide data management, data processing and data security. These systems ensure that data may be recorded, read, transferred, modified or deleted only by persons with appropriate authorization. The tools also guarantee that the integrity of data is preserved during processing.
Data Controller shall inform Users that electronic messages transferred via the Internet are vulnerable to threats, which may result in fraudulent activities, information disclosures or modifications.
Data Controller shall ensure the security of personal data with due care and diligence, apply the necessary technical measures, protect personal data especially from unauthorized access, modification, disclosure, deletion and destruction. If, in spite of Data Controller's due care and diligence, unauthorized access takes place, Data Controller will be exempt from liability.
9. USERS' RIGHTS PERTAINING TO THE MANAGEMENT OF THEIR PERSONAL DATA
Having reviewed the Privacy Statement, it is up to User to decide whether to submit personal data.
User may ask Data Controller to
● provide information of the methods of managing personal data,
● rectify personal data, and to
● delete or block personal data with the exception of cases where management is rendered mandatory.
Upon User's request, Data Controller shall provide information concerning the data relating to him, including those processed by a Data Processor on its behalf, the sources from where they were obtained, the purpose, grounds and duration of processing, the name and address of the Data Processor and its activities relating to data processing, and if the personal data of the data subject is made available to others, the legal basis and the recipients of this transfer. Data Controller shall comply with requests for information without any delay, and provide the information requested in an intelligible form, in writing at User’s request, within no more than thirty days. The information shall be provided free of charge if User did not submit a request for information to Data Controller for the same category of data in the current year. In other cases, data requests may be subject to a charge. The amount of such charge could be set forth in an agreement between Parties. Where any payment is made in connection with data that was managed unlawfully, or the request led to rectification, the payment shall be refunded.
Where a personal data is deemed inaccurate, and the correct personal data is at Data Controller’s disposal, Data Controller shall rectify the personal data in question.
Personal data shall be erased if:
● managed unlawfully;
● so requested by the data subject;
● incomplete or inaccurate and it cannot be lawfully rectified, provided that erasure is not disallowed by statutory provision of an act;
● the purpose of data management does not exist any longer or the legal time limit for storage has expired;
● so ordered by court or by the National Authority for Data Protection and Freedom of Information.
Data Controller shall block instead of erase personal data if so requested by User, or if there are reasonable grounds to believe that erasure could affect the legitimate interests of the data subject. Personal data locked this way may only be managed as long as the specific purpose of data management holds that ruled out the erasure of personal data.
If the accuracy of an item of personal data is contested by User and its accuracy or inaccuracy cannot be ascertained beyond doubt, Data Controller shall mark that personal data for the purpose of referencing.
When a data is rectified, blocked, marked or erased, User and all recipients to whom it was transmitted for processing shall be notified. Notification is not required if it does not violate the rightful interest of the data subject in light of the purpose of data management. If Data Controller refuses to comply with User’s request for rectification, blocking or erasure, the factual or legal reasons on which the decision for refusing the request for rectification, blocking or erasure is based shall be communicated in writing within thirty days of receipt of the request. Where rectification, blocking or erasure is refused, Data Controller shall inform User of the possibilities for seeking judicial remedy or lodging a complaint with the National Authority for Data Protection and Freedom of Information.
Requests for information of the management of data and for the rectification, blocking or erasure of data shall be sent to Data Controller's email address firstname.lastname@example.org.
10. ENFORCEMENT OF RIGHTS
Users may object to the management of their personal data in a request submitted to Data Controller. In the event a User feels that Data Controller violated his/her rights to privacy, he/she may enforce such rights by turning to a court with appropriate jurisdiction with respect to Data Controller's registered office or User's permanent address or place of stay, or to the National Authority for Data Protection and Freedom of Information (email: email@example.com). Act CXII of 2011 on Information Self-Determination and Freedom of Information includes detailed provisions for these proceedings and for the obligations of Data Controller.
User may object to the management of his\her personal data,
● if management or disclosure is carried out solely for the purpose of discharging Data Controller’s legal obligation or for enforcing the rights and legitimate interests of Data Controller, the recipient or a third party, unless processing is mandatory;
● if personal data are used or disclosed for the purposes of direct marketing, public opinion polling or scientific research; and
● in all other cases prescribed by law.
In the event of objection, Data Controller shall investigate the cause of objection within the shortest possible time inside a fifteen day time period, adopt a decision as to merits and shall notify User in writing of its decision. If, according to the findings of Data Controller, User’s objection is justified, Controller shall terminate all management operations (including data collection and transmission), block the data involved and notify all recipients to whom any of these data had previously been transferred concerning the objection and the ensuing measures, upon which these recipients shall also take measures regarding the enforcement of the objection. If User disagrees with the decision taken by Data Controller, or if Controller fails to meet the deadline specified for making the decision, Customer may turn to court within thirty days of the date of delivery of the decision or from the last day of the time limit.
By registering on the advertising site located at wuuff.dog, User accepts the content of the Privacy Statement, and gives consent to Data Controller to manage his/her data as set forth in this statement.
Budapest, January 6th 2017.