Personal data protection is a top priority for Uniqball Ltd. We are committed to handling the personal data of our users and customers in compliance with relevant legal and quality control regulations, thereby facilitating safe internet use and online shopping.
Information on the data controller
Name of controller: Uniqball Ltd
Seat: H-6722 Szeged, Béke street 4, ground floor 2.
Company registry number: 06-09-026588
E-mail address: email@example.com
Data Protection Officer: not obligatory under Article 37 of GDPR
Data processing outside EU: the data processor does not process data outside the European Union.
We will only collect personal data that is necessary for data processing in the course of our daily operations (for instance managing orders, delivery, handling complaints). We will take all reasonable steps to ensure that the personal data we hold is accurate and up to date. When collecting and processing your personal data, we will communicate all information to you and inform you of the purpose and recipients of the data. We ensure the transparency of our data processing policy. We act in good faith and according to the general duty of cooperation to safeguard the privacy of our clients.
What kind of personal data is collected and controlled?
While you use our web-based services, the following data will be recorded: information about purchases and their time, the start and end time of the visit to the webshop, the user's IP address and sometimes – depending on the settings of the user's computer – the type of browser and operating system. These items are recorded by the system automatically. Anonymous data will be recorded on the server as well, such as the website the user visited before uniqball.eu, the website the user moved on to after visiting uniqball.eu, and the IP addresses of unregistered visitors. During this recording, personal data will not be collected. The homepage is operated – as data processor – by Evista Ltd. (H-6722 Szeged, Attila utca. 11.).
Our server is in London, UK.
We also process the customer data necessary to perform the contract. These data include your name, home address, delivery address, email address, phone number, banking information, and any specific notes on the order given by the customer.
Our company does not collect and process special categories of personal data as specified in Article 9 of the GDPR. This article refers to health data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation; personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data. If this kind of data is collected incidentally, it should be removed immediately to avoid undertaking new obligations for the protection of that data.
Users should note that if they provide us with the personal data of persons other than themselves, they are responsible for obtaining the consent of the data subject before doing so.
If you would not like to allow cookies, you can restrict them in your browser's settings. If you restrict cookies, information and pictures may appear only partly, or not at all. Personal data given by the subject will be used by the controller until withdrawal. You can also subscribe to newsletters; you can unsubscribe by sending an e-mail to firstname.lastname@example.org or by clicking on the unsubscribe button at the bottom of each newsletter.
We may ask you to sign up to our newsletter. The newsletter helps us to promote our offers directly to our customers. By subscribing to newsletters, the data subject gets the opportunity to be informed about promotions or other commercial news. You may withdraw your consent at any point.
Purpose of the use of the data
The primary purpose of the collection and processing of the data is to perform the contract between you as our customer and us as service provider. We use the information collected from you to fulfil your order. This includes: managing the inquiries and orders, dealing with complaints, handling registration, monitoring our services, internal management of customers, marketing. The data will be used in the communication related to the orders and other transactions requested by the user (couriers such as GLS, DHL or other partners involved in performing the contract). The partners of the controller may not use the data provided by Uniqball Ltd in any way other than to fulfil their contractual obligations, nor transmit it to third parties.
We may use information for purposes of aggregated trend and statistical analysis to evaluate and improve our services. We may create profiles by connecting multiple sources of data, such as our web-shop system or Facebook. (We use Facebook Pixels and Google Analytics.)
Our company has to comply with legal duties under law, such as proper administration of taxation and accounting. The disclosure of the data might be required to comply with a judicial proceeding, court order, subpoena or warrant (for example, in the case of a criminal investigation).
The controller gathers only the information strictly necessary to achieve the above specified objectives.
Legal basis for processing your personal data
We are committed to collecting and using your information in accordance with applicable data protection laws. We will only collect, use and share your information where we are satisfied that we have an appropriate legal basis to do this. The following legal bases are applicable:
- If you have provided your consent to us using the personal information – Article 5.1.(a) of the GDPR and Article 5 (1) a) of Info Act
- If the processing of your personal data is necessary to perform our contractual duties and rights in relation to the legal relationship – Article 6.1.(b) of the GDPR and Article 6.(1).a) of Info Act
- Your information is necessary to meet responsibilities we have to our regulators, tax officials, law enforcement, or otherwise meet our legal responsibilities – Article 6.1.(c) of the GDPR and Article 5.(1).b) and 6.(5).a) of Info Act
- Use of your information is in our legitimate interest as a commercial organization, for example to operate and improve our services or ensure our contractual rights – Article 6.1.(f) of the GDPR and Article 6.(1).f) and Article 6.(5).b.) of Info Act
Who has access to your personal data?
In order to offer you the best service, we can share your personal data and give access to authorized personnel from our company, including: our staff, IT departments, commercial partners, legal services if applicable. Your personal data may be sent to a third party for the purposes of supplying you with services and improving your stay, for example: external service providers (IT sub-contractors, banks, credit card issuers, postal services, external lawyers). IP addresses are accessible by our partners in managing the marketing (Facebook Pixels, Google Analytics, other advertisement partners).
We may also be obliged to send your information to local authorities if this is required by law or as part of an inquiry and in accordance with local regulations.
How do we secure your data?
We take appropriate technical and organizational measures, in accordance with applicable legal provisions, to protect your personal data against illicit or accidental destruction, accidental alteration or loss, and unauthorized access or disclosure. To this end, we have taken technical measures and organizational measures (such as a user ID/password system, means of physical protection etc.).
During data processing, the controller aims to ensure:
– confidentiality: protects data against unauthorized access
– integrity: protects the accuracy and completeness of the data and the processing method
The systems and networks of the controller and its partners are protected against IT fraud, spying, sabotage, vandalism and computer viruses, and against cyber intrusions and attacks leading to denial of service. The operator shall ensure the security of server-level and application-level protection features.
Please be aware that electronically forwarded messages, regardless of the protocol (e-mail, web, ftp, etc.), are vulnerable to network threats that can lead to fraudulent activity, contract disputes, or the disclosure or modification of the information. The service provider takes all reasonable precautions against such threats. It monitors the systems to record any security modifications and to provide proof of all security events. Monitoring the systems also allows us to monitor the effectiveness of the applied security measures.
Your rights under GDPR
You have legal rights under EU data protection laws in relation to your personal information:
- To access personal information: You can ask us to confirm whether or not we have and are using your personal information and for a copy of your information.
- To correct / erase personal information: You can ask us to correct any information about you which is incorrect. We will be happy to rectify such information but would need to verify the accuracy of the information first. You can ask us to erase your information if you think we no longer need to use it for the purpose we collected it from you. You can also ask us to erase your information if you have either withdrawn your consent to us using your information (if we originally asked for your consent to use your information), or exercised your right to object to further legitimate use of your information, or where we have used it unlawfully or where we are subject to a legal obligation to erase your personal information. We may not always be able to comply with your request, for example where we need to keep using your information to comply with our legal obligation or where we need to use your information to establish, exercise or defend legal claims.
- To restrict how we use personal information: You can ask us to restrict our use of your information in certain circumstances, for example: where you think the information is inaccurate and we need to verify it; where our use of your information is not lawful but you do not want us to erase it; where the information is no longer required for the purposes for which it was collected but we need it to establish, exercise or defend legal claims; or where you have objected to our use of your personal information but we still need to verify if we have overriding grounds to use it.
- We can continue to use your information following a request for restriction where we need to use it to establish, exercise or defend legal claims, or we need to use it to protect the rights of another individual or a company or fulfill legal duties imposed by the municipal law.
- To object to how we use your information: You can object to any use of your information which we have justified on the basis of our legitimate interest, if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information. If you raise an objection, we may continue to use your information if we can demonstrate that we have compelling legitimate interests to use the information.
- To ask us to transfer your information to another organization: You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller (e.g. another company). You may only exercise this right where we use your information in order to perform a contract with you, or where we asked for your consent to use your information. This right does not apply to any information which we hold or process that is not held in digital form.
Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. Personal data breach covers a range of data incidents, everything from accidental disclosure to deletion to an actual breach of security where information is stolen. In the case of a personal data breach, after a careful internal investigation of the incident, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the competent supervisory authority, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.
Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.
You may ask for information about the processing of your personal data. The controller shall provide the information requested by the subject about the type of data processed, the purpose of processing, the legal basis of processing, its duration, the name, address and activity of the controller related to the processing, and who is in possession of that information and for what purpose. The request should be sent to email@example.com. The controller will answer the request within 8 working days. The subject may ask for deletion of his data.
You have a right to lodge a complaint with your local data protection supervisory authority at any time. The procedures are regulated by Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information. In the event of any infringement of your rights as data subject, you may submit a complaint with the National Authority for Data Protection and Freedom of Information (www.naih.hu) or launch a court procedure at the Metropolitan Court of Budapest. However, we ask that you please try to resolve any issues with us first before referring your complaint to the supervisory authority.
– personal data: shall mean any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity
– the data subject’s consent: shall mean any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed;
– controller: shall mean the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by national or Community laws or regulations, the controller or the specific criteria for his nomination may be designated by national or Community law;
– processing of personal data (‘processing’): shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;
– processor: shall mean a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
– third party: shall mean any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process the data
– the data subject’s objection: shall mean a declaration made by the data subject objecting to the processing of their personal data and requesting the termination of data processing, as well as the deletion of the data processed
– data transfer: shall mean ensuring access to the data for a third party
– data deletion: shall mean making data unrecognizable in a way that it can never again be restored.
Effective Date: 31.10.2019