Privacy Policy


Thank you for your interest in our company and services! 

The trust of our Visitors is of the highest importance; therefore we handle our Visitors’ personal data with special care. The present Privacy Policy is to inform our Visitors of our data processing practices regarding the use of our website.

The Privacy Policy was drafted with special regard to the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter also as: GDPR); to Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: Info Act); and to Act V of 2013 on the Civil Code (hereinafter: CC). The HEIMANN Grape and Wine Production Family Estate Limited Liability Company therefore especially observes the provisions of the GDPR.

Data Controller and Contact:
HEIMANN Szőlő- és Bortermelő
Korlátolt Felelősségű Társaság
Tel.: +36 20 961 71 01 
Email: adatvedelem@heimann.hu

Definitions


1.   „personal data”: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

2.   „processing”: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

3.   „restriction of processing”: means the marking of stored personal data with the aim of limiting their processing in the future

4.   „controller”: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

5.   „processor”: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

6.   „recipient”: means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

7.   „third party”: means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;

8.   „consent of the data subject”: means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

9.   „personal data breach”: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;

10. „terminal device”: means a computer or telecommunication device (especially but not limited to laptop, desktop, tablet, smartphone) on/from which the website is visited and/or accessed.

General Information


We hereby inform our Visitors that during their activity on http://www.heimann.hu/ (hereinafter also as: Website) – including especially but not limited to upon and throughout accessing the Website, registering on the Website, contacting us on the Website, ordering products on the Website, signing-up to our newsletter – personal data is processed, collected and handled. 

It’s our principle that we exclusively process personal data lawfully, with sufficient legal basis, with adherence to the principles of processing personal data, by ensuring the rights of the data subject and in a transparent fashion, exclusively for the specified purposes, with respect to data minimization and security. We process only such personal data that is necessary for the specified purposes, compatible with that purposes, and suitable for achieving that purposes. Therefore we process personal data only to the extent of achieving the specified purposes and for the necessary duration. 

We hereby inform our Visitors that we always observe the provisions of the relevant and applicable laws. We therefore pay special attention, in the course of our processing of personal data, to the following laws:

1. REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (of 27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter also as: GDPR),
2. Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: Info Act),
3. Act V of 2013 on the Civil Code (hereinafter: CC),
4. Act C of 2000 on Accounting (hereinafter: Accounting Act),
5. Act C of 2003 on Electronic Communications (hereinafter: EC Act),
6. Act CLV of 1997 on Consumer Protection (hereinafter: CP Act),
7. Act XLVIII of 2008 on Essential Conditions of and Certain Limitations to Business Advertising Activity (hereinafter: BA Act),
8. Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (hereinafter: E-Comm Act)
9. Act CXXVII of 2007 on Value Added Tax (hereinafter: VAT Act)
10. Act CL of 2017 on the Rules of Taxation (hereinafter: RoT Act.)

Visiting the Website


Upon visiting the Website, we record for security purposes the IP-address, operating system, software environment, and the browser of the Visitor’s terminal device, as well as the time of visit and the pages visited. In addition to the network-, server- and data security, such data shall be recorded for the purposes of improving and the optimization of the online services. Therefore, the legal basis for the processing is based on Point f) Par. (1) of Art. 6 of GDPR (legitimate interest), and Point b) Par. (1) Section 6 of Info Act. 

Purpose of data processing: data security and service optimization
Basis for the processing: Art. 6 (1) f) of GDPR, and Section 6 (1) b) of Info Act
Processed data: IP-address, OS, browser, time of visit, visited pages

Contacting


Our Visitors may choose to contact us via the following email address. Data provided in the course of contacting shall be processed for the purposes of contacting and for the purposes of responding. Upon contacting us, you give your explicit consent to the processing of your personal data. Therefore, the legal basis for the processing is based on Point a) Par (1) Art. 6 of GDPR, and Point a) Par. (1) Section 5 of Info Act. 

Purpose of data processing: responding to communication
Basis for the processing: Art. 6 (1) a) of GDPR; Section 5 (1) a) of Info Act (consent of data subject)
Processed data: user’s name, email address, time of contact, other data provided by data subject 
Period of data storage: until erasure request of data subject but up to a maximum of 5 (five) years

Newsletter


Visitors may choose to subscribe to our newsletter by clicking here. Upon providing your name and email address you subscribe to our newsletter, following which you will receive electronic mails (Newsletter) from us. You may choose to unsubscribe from the Newsletter by clicking here. Upon subscribing to our newsletter, you give your explicit consent to the processing of your personal data. Therefore, the legal basis for the processing is based on Point a) Par (1) Art. 6 of GDPR, and Point a) Par. (1) Section 5 of Info Act.

Purpose of data processing: sending newsletter
Basis for the processing: Art. 6 (1) a) of GDPR; Section 5 (1) a) of Info Act (consent of data subject)
Processed data: user’s name, email address, time of subscription, user’s IP-address 
Period of data storage: consent withdrawal (unsubscribing), until erasure request of data subject

Facebook


Visitors may, on our Facebook page, contact us, send us messages, leave comments, follow our page, “like” our products, posts and page. During your Facebook activity you may provide personal data. Data provided in the course of Facebook activity shall be processed for the purposes of the activity, including especially but not limited to responding to communication, following and managing customer’s feedbacks, sharing our services, products, page and discounts. By your Facebook activity, you give your explicit consent to the processing of your personal data. Therefore, the legal basis for the processing is based on Point a) Par (1) Art. 6 of GDPR, and Point a) Par. (1) Section 5 of Info Act.

Purpose of data processing: responding to communication, popularizing our events, following and managing customer feedback, sharing our services, products, page and discounts
Basis for the processing: Art. 6 (1) a) of GDPR; Section 5 (1) a) of Info Act (consent of data subject)
Processed data: freely provided personal data by data subject, and the publicly accessible profile data provided the data subject liked and/or followed our page
Period of data storage: until erasure request of data subject but up to a maximum of 5 (five) years

We hereby inform you that throughout you Facebook activity, your data is also processed by Facebook Ireland Ltd. and Facebook, Inc. In order to learn more about the data processing practices of Facebook, please read the Privacy Policy of Facebook.

Instagram


Instagram

Visitors may, on our Instagram page, contact us, send us messages, leave comments, follow our page, “like” our products, posts and page. During your Instagram activity you may provide personal data. Data provided in the course of Instagram activity shall be processed for the purposes of the activity, including especially but not limited to responding to communication, following and managing customer’s feedbacks, sharing our services, products, page and discounts. By your Instagram activity, you give your explicit consent to the processing of your personal data. Therefore, the legal basis for the processing is based on Point a) Par (1) Art. 6 of GDPR, and Point a) Par. (1) Section 5 of Info Act.

Purpose of data processing: responding to communication, popularizing our events, following and managing customer feedback, sharing our services, products, page and discounts
Basis for the processing: Art. 6 (1) a) of GDPR; Section 5 (1) a) of Info Act (consent of data subject)
Processed data: freely provided personal data by data subject, and the publicly accessible profile data provided the data subject liked and/or followed our Instagram page
Period of data storage: until erasure request of data subject but up to a maximum of 5 (five) years

We hereby inform you that throughout you Instagram activity, your data is also processed by the owner of Instagram, Facebook Ireland Ltd. In order to learn more about the data processing practices of Instagram, please read the Privacy Policy of Instagram here and here.

Ordering Services


Visitors may, on our Website or via our contact information, choose to order our services. In order to provide you with our services we enter into a binding contract with you, for the conclusion and performance of which we process your personal data as per the nature of the service, and the personal data you provided. The data is processed until the performance of the services, and until the expiration of the related customer and warranty rights, exclusively for the purposes of providing the service unless otherwise stipulated by law. For compliance with a legal obligation – especially but not limited to compliance with the current commercial, consumer protection, and tax regulations – the personal data is processed to the extent of the legal obligation. Therefore, the legal basis for the processing is based on Point b) Par. (1) Art. 6 of GDPR, when processing is imposed by law, the basis is Point c) Par. (1) Art. 6 of GDPR and Point b) Par. (1) Section 5 of Info Act. We hereby inform you that pursuant to Point e) Par. (2) Art. 13 of GDPR the provision of personal data is a requirement necessary to enter into a contract.  Should you choose to not provide the personal data, the contracts pertaining to the services shall not be entered into or concluded with you. 

Purpose of data processing: provision of service
Basis for the processing: Art. 6 (1) b) of GDPR (performance of contract)
Processed data: personal data necessary for the provision of services 
Period of data storage: until the performance of the services and until the expiration of the related customer and warranty rights, and until as stipulated by law

Product Purchase


Visitors may, on our Website, purchase our products, for which we enter into a purchase contract with you. When entering into the contract, you provide data indispensably necessary for the conclusion, performance and accounting of the contract. For compliance with a legal obligation – especially but not limited to compliance with the current commercial, consumer protection, and tax regulations – the personal data is processed to the extent of the legal obligation. Therefore, the legal basis for the processing is based on Point b) Par. (1) Art. 6 of GDPR, when processing is imposed by law, the basis is Point c) Par. (1) Art. 6 of GDPR and Point b) Par. (1) Section 5 of Info Act. We hereby inform you that pursuant to Point e) Par. (2) Art. 13 of GDPR the provision of personal data is a requirement necessary to enter into a contract.  Should you choose to not provide the personal data, the contracts pertaining to the product purchase shall not be entered into or concluded with you.

Purpose of data processing: conclusion of contract, performance of contract, billing, enforcing rights and obligations in connection with the contract, contacting customers

Basis for the processing: Art. 6 (1) b) of GDPR (performance of contract)
Processed data: personal data necessary for the conclusion of contract, including especially but not limited to name, shipping address, age, phone number, email address 
Period of data storage: until the performance of the services and until the expiration of the related customer and warranty rights, and until as stipulated by law, if contract is concluded for 8 (eight) years pursuant to Par. (2) Section 169 of Accounting Act

Data Processors


We hereby inform our Visitors that the organizations (data processors) indicated on the below list process the personal data of the data subjects on behalf of our Company. Data procession includes the performance of certain technical tasks in connection with the personal data.

OTP Bank Nyrt.
authentication of SimplePay/bank
H-1051 Budapest, Nádor u. 16.
Processed data: card transaction  Nr., ID, date and amount of transaction

Gremsperger Ügyvédi Iroda
legal counseling, legal representation
H-1137 Budapest, Budai Nagy Antal u. 3.
Processed data: in the event of a legal dispute, every and all data as per the present Privacy Policy 

Tenidor Saldo Kft.
accounting
H-1112 Budapest, Tippan utca 1. A. lház. 2. em. 202/A
Processed data: every and all data as per the present Privacy Policy

Zola Transport Kft.
courier service
H-7100 Szekszárd Dr. Hirling Ádám utca 11. 3./12.
Processed data: name, shipping address, phone number, other contact info

Palatrans Express Kft.
courier service
H-7100 Szekszárd Keselyűsi út 22.
Processed data: name, shipping address, phone number, other contact info

FoxPost Zrt.
courier service
3200 Gyöngyös, Batsányi János u. 9.

Processed data: name, shipping address, phone number, other contact info

DPD Hungária Kft.
courier service
H-1158 Budapest, Késmárk utca 14/b.
Processed data: name, shipping address, phone number, other contact info

DHL Express Kft.
courier service
H-1185 Budapest, BUD Nemzetközi Repülőtér Terminal 1, DHL épület 302
Processed data: name, shipping address, phone number, other contact info

Sió-Trans Kft.
courier service
H-7100 Szekszárd Tartsay Vilmos utca 34.
Processed data: name, shipping address, phone number, other contact info

TNT Express Hungary Kft.
courier service
1185 Budapest, Nemzetközi Repülőtér 1. terminál
Processed data: name, shipping address, phone number, other contact info

Cookies


The Controller for better user experience and customization places and stores little text files on the browser or hard drive of the Visitor’s (User’s) terminal device, enabling our Website to recognize and identify the terminal device in question. The Visitor may delete the cookies from the terminal device, and may change the browser setting to disable cookies. Deleting/disabling cookies may result in limited usability of the Website, to which Visitor explicitly consents. 

Our Website uses both temporary (session) and persistent cookies. Temporary cookies are stored on the terminal device only for one session, upon the end of which such cookies automatically expire. Persistent cookies are stored on the terminal device until the user deletes them. Our Website uses analytical cookies that track the user’s internet activity. The purpose of tracking is to display customized ads for the user on the terminal device. 

We use the following cookies on our Website:

Name: Google Analytics
Purpose: collecting analytical statistic data
Type: tracking
Expiration: 1 year
Basis for the processing: Art. 6 (1) a) of GDPR; Section 5 (1) a) of Info Act (consent of data subject); Sec. 13/A. (4) of E-Comm Act.

Name: Facebook Pixel
Purpose: conversion
Type: non-tracking
Expiration: 1 year
Basis for the processing: Art. 6 (1) a) of GDPR; Section 5 (1) a) of Info Act (consent of data subject); Sec. 13/A. (4) of E-Comm Act.

We hereby inform our Visitors that the plugins, links, banners, and hyperlinks may direct our Visitors to other websites. We assume no responsibility nor liability for the content of other websites. Visiting, accessing or using such websites is at the Visitor’s own risk.

Rights of the Data Subject


If you wish to exercise your rights under the GDPR or the Info Act, please use the above contact information to get in touch with us. You have the following rights:


1. Right of access by the data subject (Art. 15 of GDPR),
2. Right to rectification (Art. 16 of GDPR),
3. Right to erasure (“right to be forgotten” Art. 17 of GDPR),
4. Right to restriction of processing (Art. 18 of GDPR),
5. Right to data portability (Art. 20 of GDPR),
6. Right to object (Art. 21 of GDPR),
7. Right to withdrawal of consent (Art. 7 of GDPR).
8. Right to lodge a complaint with a supervisory authority (Art. 77 of GDPR).


Should you wish to exercise your right to lodge a complaint, you may contact the supervisory authority on the below contact details:


Nemzeti Adatvédelmi és Információszabadság Hatóság (Hungarian National Authority for Data Protection and Freedom of Information)
H-1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: H-1530 Budapest, P.O. Box 5. 
E-mail: ugyfelszolgalat@naih.hu

Budapest, 1 Day of April Month, 2020 Year