MONARCHIA Borkereskedelmi Ltd.
Information on data processing

provided in order to explain the detailed rules of data processing with regard to the personal data of natural persons in accordance with the provisions of the regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as: ‘GDPR’) in the course of visiting the web store and purchasing products in the web store available at www.monarchiaborok.hu, owned by MONARCHIA Borkereskedelmi Ltd. (company registration number: 10-09-022656, registered seat: H-3300 Eger, Verőszala str. 62.), hereinafter referred to as: ‘Controller’).

The present information leaflet shall be displayed by the Controller on the above homepage visited by the consumers of the Controller in a place clearly visible. The information leaflet enters into force on the day of the disclosure and shall remain in force until the day when the Controller discloses new Information on data processing. The Controller reserves the right to unilaterally amend the present Information on data processing. In the case of unilateral amendment of the present Information on data processing, the former information leaflet shall prevail regarding web browsing, purchasing and processing data in the course of such activities commenced but not finished before the disclosure of the amended information leaflet. In the interest of transparency and customer-orientation, the Controller shall display separate notifications on its homepage on the eventual amendments of the present information leaflet.

I. The authorizing provisions regarding your personal details including, without limitation are the following:

- Act CXII of 2011 on Informational Self-determination and Freedom of Information (“Privacy Act”)
- Act CVIII of 2001 on certain issues of electronic commerce activities and information society services (Law of E-commerce)
- Act V of 2013 on Civil Law
- the General Data Protection Regulation (GDPR)

II. Definitions:

personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means (i.e. manually), such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;

processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; and executes tasks of a purely technical nature related to the processing operations (e.g. data recording);

personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted or otherwise processed;

recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not;

third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;

III. Principles of processing data

It is a particularly important aspect to the Controller to process, safely use and record the personal data provided by the users of its services and buyers of its products pursuant to the applicable laws and other regulations, to fully secure the right of informational self-determination of the visitors and to provide detailed information about the processing of personal data.

The Controller processes your data in accordance with the principles of lawful, fair and transparent processing, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality and accountability. The Controller ensures that its employees and personnel observe these principles.

The principle of purpose limitation is observed in the course of the processing data for clear and defined purposes set forth below, whereas data minimization means that the Controller only processes data that are absolutely necessary in order to achieve the purpose in accordance with the principle of storage limitation, i.e. personal data may not be stored longer than it is absolutely necessary.

The Controller informs you that your personal data will be irrevocable erased after the expiry of term defined below or when the aspects of the determination of the term are no longer valid and - only for the purpose of statistical analyses and calculation and development efforts - such data will be kept which cannot be associated with you and which cannot identify you in any form.

IV. The lawfulness of our processing - the legal basis for the processing in accordance with Article 6 of the GDPR:

1./ Processing based on consent: The consent of the Visitor/Buyer establishing a freely given, specific, informed and unambiguous indication of his or her agreement to the processing of personal data by the Controller relating to him or her;

2./ processing for the purpose of the performance of a contract: the performance of a contract to which the Visitor/Buyer is party;

3./ processing for the compliance with a legal obligation: processing is necessary for compliance with a legal obligation to which the Controller is subject (e.g. fulfilment of accounting obligations);

4./ Processing for legitimate interest: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party; The conditions of this legal basis are laid down in the data privacy code of the Controller which contains the circumstances taken into account when using the Balancing test and the used procedure.

5./ Data processing based on Law of E-commerce, 13/A. §: according to which Controller may handle the natural personal identification data of Visitor / Buyer (name, name of birth, mother’s name, date and place of birth, address) in order to conclude and determine the content and any amendments of the contract and monitoring the performance thereof regarding providing services of the information society, in case the contractual relationship is created, the invoicing of the fees (e.g. purchase price) arising from such relationship, and for the vindication of claims  in connection with that, and Controller can handle data regarding the date, time period and place of the utilization of the service.

V. Information map

We inform you about your personal data processed by us and the lawfulness and purpose limitation of the processing as follows:

The data subjects - classified in two categories - may visit our homepage and use the services of the web store. These categories of the processed and recorded personal data are as follows:

1. Users’ category - visitors:

In case you browse on our homepage and collect information, you use our homepage service as a visitor (hereinafter referred to as “Visitor”) until you do not register on our homepage. If you use our homepage service as a visitor, we do not obtain any personal data based on which you can be identified, and we do not store any data related to you in such case.

When you visit our homepage, we create a small piece of data, a so-called cookie, which does not collect information related to you but transmits information to us about usage patterns regarding the computer on which you are logged in. That means that we receive information about the pages opened, the clicks, however, these pieces of information are linked not to you but only to the computer used by you at a particular moment. The cookie is meant to make the use of our homepage more comfortable, effective and enjoyable and to send you special offers and advertisements. You do not give us the data necessary for the creation of the technical identifier but - in the light of the foregoing - we gather these data in the course of the usage of the homepage. Indeed, the data is automatically exchanged on the basis of the communication between the computers.

The legal basis of the use of the cookie is your consent, as when visiting the homepage - by clicking on the ‘I accept’ button on the pop-up page - you grant your consent to the lawful use of the above. However, you can also delete the cookie from your computer or you can block the use of cookies in your browser. Generally, you can manage cookies in the Tools/Settings page of the browsers under Data protection by naming the cookie. We consider the blocking of the cookies as the withdrawal of your consent.

2. Users’ category - buyers:

In case you intend to purchase items in the web store on our homepage, you can do it by registering on the homepage and providing your personal data.

You are kindly requested to thoroughly review the detailed information table regarding the data processed pursuant to the present clause:

Stored data of registered Visitor/Buyer:

Categories of data

Source of data

Purpose of processing

The lawfulness of processing

(Legal grounds)

Time period for which the personal data will be processed

1. surname and first name

Given by the Buyer

 Registration and identification of the Buyer

Performance of the Contract (Clause IV/2)

Until the deletion of registration

 For communication purposes

Performance of the Contract (Clause IV/2)

Until the termination of the contract

Conclusion, determination of the content, amendment of the contract and monitoring the performance thereof

13/A. § of E-commerce (Clause IV. 5.) and Performance of the Contract (Clause IV/2)

Until the termination of the contract

In case the contractual relationship is created, the invoicing of the fees (e.g. purchase price) arising from such relationship

13/A. § of E-commerce (Clause IV. 5.) and performance of legal obligation (IV. 3.)

based on 169. § of law C of 2000 for 8 years from the billing

Eventual claim and fraud prevention

Legitimate interest (IV.4.)

Until the expiry of the limitation period

2. Year of birth

(whereas persons under 18 years of age must not purchase alcoholic beverages)

Given by the Buyer

Conclusion, determination of the content, amendment of the contract and monitoring the performance thereof

Performance of 13/A. § of E-comm Law (Clause IV. 5.) and Contract (Clause IV. 2.)

Until the termination of the contract

Registration and identification of the Buyer

Performance of the Contract (Clause IV. 2.)

until the deletion of registration

for the purpose of the prevention of committing eventual violation and crime

Fulfilment of legitimate interest (IV.4.) and legal obligation (IV.3.)

Until the expiry of the limitation period

3. e-mail address

Given by the Buyer

According to clause 1.

According to clause 1.

According to clause 1., and in addition to that in case of the identification, registration of the Buyer – when data processing lasts until deletion of registration – in all cases until termination of contract

4. Password

Given by the Buyer

Registration and identification of the Buyer

in both cases performance of the contract (Clause IV.2.)

Until the termination of the contract and the deletion of the registration

For the purpose of communication

5. Billing address (country, city)

Given by the Buyer

Conclusion, determination of the content, amendment of the contract and monitoring the performance thereof

Performance of 13/A. § of E-comm Law (Clause IV. 5.) and contract (Clause IV. 2.)

Until the termination of the contract

Eventual claim and fraud prevention

Legitimate interest (IV.4.)

Until the expiry of the limitation period

6. Purchase amount, name and quantity of purchased products

Given by the Buyer

Conclusion, determination of the content, amendment of the contract and monitoring the performance thereof

Performance of 13/A. § of E-comm Law (Clause IV. 5.) and contract (Clause IV. 2.)

Until the termination of the contract

In case the contractual relationship is created, the invoicing of the fees (e.g. purchase price) arising from such relationship

Performance of 13/A. § of E-comm Law (Clause IV. 5.) and contract (Clause IV. 2.) and fulfilment of legal obligation (IV. 3.)

based on 169. § of law C of 2000 for 8 years from the billing

Eventual claim and fraud prevention

 

Until the expiry of the limitation period

We kindly inform our Buyers that - in order to purchase items in our web store - it is strictly necessary for the conclusion of the contract to provide the data in the above table, these data are the preconditions of the conclusion of the contract, therefore, the provision thereof is obligatory. In the absence of the above personal data, we cannot conclude any contract with you.

VI. Controller and processors

A.) Controller:

Your personal data indicated in clause V. are processed by our company as controller:

MONARCHIA Borkereskedelmi Kft.

company data: registration number: 10-09-022656, registered seat: H-3300 Eger, Verőszala str. 62., tax number: 11175030-2-10, representative: Dorottya Szalay executive director (phone number+36 (1) 337-0604 e-mail address: info@monarchiaborok.hu

Contact information of the customer service of our company:
E-mail address: info@monarchiaborok.hu
Phone number: +36 (1) 337-0604
Fax number:

We kindly inform you that the Controller and its employees have access to your data indicated in clause V. and such processing is governed by inner data protection regulations and all the employees of our company are obliged to comply with these regulations.

B.) Processors:

Your personal data indicated in clause V. are transferred by our company to the following undertakings and these undertakings have access to the data recorded by us and necessary to achieve the following purposes:

Mimóza Kommunikációs Kft. (registration number: 01-09-465357, registered seat:
H-1053 Budapest, Ferenciek square 2. 1st floor., tax number:12096530-2-41), which company fully operates our homepage, carries out development activities and maintenance works, and sends out newsletter on our behalf.

Pirín Informatikai és Kereskedelmi Kft. (registration number: 01-09-728005, registered seat: H-1193 Budapest, Könyvkötő str. 49., tax number: 13295969-2-43), which operates our web store by its web server.

MONARCHIA Borkereskedelmi Kft. (cégjegyzékszáma: 10-09-022656, székhelye: 3300 Eger, Verőszala u. 62.,
adószáma: 11175030-2-10), aki az elektronikus számlát az Ön részére kiállítja és azt a megadott email címére elektronikus úton vagy számlázási címére papír alapon megküldi.
OTP Bank (cégjegyzékszáma: 01-10-041585, székhelye: 1051 Budapest, Nádor utca 16., adószáma: 10537914-4-44), amely az online bankkártyás fizetést bonyolítja le.

MONARCHIA Borkereskedelmi Kft. (cégjegyzékszáma:10-09-022656, székhelye: 3300 Eger, Verőszala u. 62., adószáma: 11175030-2-10), amely az Ön által megvásárolt terméket Budapesten szállítja ki.

TNT Express Hungary Kft. (cégjegyzékszám: 0109068137, székhelye: 1185 Budapest II. Logisztikai központ - Irodaépület, BUD Nemzetközi Repülőtér 283. ép., adószám:10376166244)  Budapest vonzáskörzetén kívüli címre és vidékre kiszállítja.

We have concluded data processing contracts with all of the above listed service providers in which they guarantee the safety of your personal data, however, our company does not warrant and specifically limits its liability for the existence of, compliance with and enforcement of the data protection regulations of the data processors being in compliance with the law.

VII. Email marketing rights – newsletters

We kindly inform you that you can subscribe to our newsletters occasionally sent by us by giving your first name, family name, birth date and email address on our homepage. These newsletters contain ads, offers and other information ensuring thereby that You will be promptly notified about our products and the services provided by us. The legal ground for processing your personal data indicated in the present clause is the legitimate interest of the Controller bearing in mind that for direct marketing purposes we have the right to send marketing materials based on the above. The newsletters can be requested by giving the above data and clicking on the ‘send’ button. Your giving us and our handling of your birth year are based on a further performance of a legal obligation, as we cannot sell and send alcoholic beverages, or send offers regarding alcoholic beverages to persons until 18 years of age. Your data given in such manner are processed for the operation of the newsletter service used by the Controller, however, in case you protest against it and the conditions set out in the GDPR exist, we will erase the personal data indicated in the present clause and we will not send newsletters to you in the future.  We kindly inform you that - in order to use our newsletter service - the provisions of all the personal data indicated in the present clause is obligatory, in the absence of these data we cannot send you newsletters.

VIII. Your rights in connection with the processing of your personal data 

Right to access: You have the right to request information about the purpose of the data processing, in which category the data is classified, about the categories of the recipients, i.e. about the persons to whom your personal data are or will be disclosed - including in particular the recipients from third countries or international organizations, the period for which the personal data will be stored, or the criteria used to determine that period. You can request a copy of your data processed by us free of charge in one occasion, we charge a fee for requesting further copies.

Rights to rectification, to erasure (to be forgotten): You are entitled to request from the Controller the rectification, modification, supplement of personal data related to you in case you become aware that the recording thereof is not appropriate, or these data are changed. Our company shall be obliged to comply with this request without any delay. The erasure of the data can be requested in cases defined under law which will be performed by us if the conditions set out in article 17 of the GDPR exist. In such case your data will be permanently and irrevocable erased from our records.

Right to restriction of processing: in the cases set out in article 18 of the GDPR you have the right to obtain from us restriction of processing.
Furthermore, we kindly inform you in connection with the aforementioned rights that, in case of such requests, all the recipients to whom your personal data has been disclosed have to be informed about such acts, in case it is not disproportionately costly.

Right to data portability: According to Article 20 of the GDPR you have the right to request the personal data concerning you which you have provided to us based on your consent or the performance of any contract or to request from us to directly transmit those data to another controller.

Right to object: You have the right to object, on grounds of legitimate interest, at any time to the processing of personal data concerning you.

Withdrawal of consent: If our data processing is based on your consent, you are entitled to withdraw such consent at any time. Please also note that the withdrawal has no retroactive effect, thus it does not affect the lawfulness of our prior data processing.

Right to complain: If you notice that the processing of your data does not comply with the law or your rights have been prejudiced in connection with our processing, you are entitled to file a complaint to the supervisory authority or take legal actions before the competent court.

Contact information of the supervisory authority:

National Data Protection and Information Freedom Authority

address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Tel.: +36 (1) 391-1400
Fax number: +36 (1) 391-1410
e-mail address: ugyfelszolgalat@naih.hu
website: https://naih.hu/

IX. Ensuring data security 

If we notice any personal data breach, we, without undue delay and not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority indicated in clause VIII. If we conclude that the personal data breach is likely to result in a high risk to your rights and freedoms, we communicate the personal data breach to you within not later than 72 hours.

We kindly inform you that we have data protection regulations complying with the applicable laws and take measures which -according to the above - ensure the safe processing of your personal data in our organizational and technical systems.

Széchenyi 2020