Privacy policy

1.IMPRESSUM

Company name: 4EARTH Keseskedelmi Korlátolt Felelősségű Társaság

Abbreviated company name: 4EARTH Kft.

Headquarters: 3527 Miskolc, Zsigmondy Vilmos utca 9

Registration number: 05-09-032763

EU Tax number: HU27925085

Mailing address, complaint handling: 3527 Miskolc, Zsigmondy Vilmos utca 9

Email: 4earthltd@gmail.com

Phone number: +36309722738

Website: www.4earth.hu

Hosting Provider

Name: Shopify International Ltd.

Mailing address: c / o Intertrust Ireland

2nd Floor 1-2 Victoria Buildings

Haddington Road

Dublin 4, D04 XN32

Ireland

Email: privacy@shopify.com

Website: www.shopify.com

( related to www.compostable.co )

GENERAL CONCEPTS
"Controller"means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law;
"Personal data" meansany information relating to an identified or identifiable natural person ("data subject"); identifies a natural person who, directly or indirectly, in particular by reference to an identifier such as name, number, location, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identified;
"Processing" meansany operation or set of operations on personal data or files, whether automated or non-automated, such as collection, recording, systematization, sorting, storage, transformation or alteration, retrieval, consultation, use, communication, transmission or other means harmonization or interconnection, restriction, deletion or destruction;
"Restriction of data processing" meansthe marking of stored personal data with the aim of limiting their future processing;
"Profiling" meansany form of automated processing of personal data in which personal data are evaluated for the purpose of assessing certain personal characteristics of a natural person, in particular his performance, economic situation, state of health, personal preferences, interests, reliability, behavior, location or movement; used to analyze or predict related characteristics ;
"Processor" meansany natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
"Recipient" meansa natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether a third party or not. Public authorities that may have access to personal data in the framework of an individual investigation in accordance with Union or Member State law shall not be considered as recipients; the processing of such data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;
"Consent of the data subject" meansa voluntary, specific and well-informed and unambiguous statement of the data subject's consent to indicate his or her consent to the processing of personal data concerning him or her, by means of a statement or an unequivocal statement of confirmation;
"Data protection incident" meansa breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data which have been transmitted, stored or otherwise handled.

DESCRIPTION OF DATA MANAGEMENTS DURING THE OPERATION OF THE WEBSHOP

INFORMATION REGARDING THE USE OF COOKIES

What is a cookie ?

The Data Controller uses so-called cookies when visiting the website. The information package consisting of cookie letters and numbers that our website sends to your browser, in order to save certain settings, facilitate the use of our website, and contribute to the collection of some relevant, statistical information about our visitors.

Some cookies do not contain personal information and are not suitable for identifying an individual user, but some contain a unique identifier - a secret, randomly generated sequence of numbers - that your device stores, thus ensuring your identification. The description regarding the cookies mentions the functioning time period of some some Cookie.

The cookies mandate and the legal basis:

The legal basis for data processing under Article 6 (1) (a) of the Regulation is your consent.

Cookies used on the website:

Remarketing cookies : For past visitors or users to appear when browsing other sites on the Google Display Network or searching for terms related to their products or services.

Cookies strictly necessary for operation : These cookies are essential for the use of the website and allow you to use the basic functions of the website. Without these, many features of the site will not be available to you. The lifespan of these types of cookies is limited to the duration of the session only.

Cookies to improve the user experience : These cookies collect information about the user's use of the website, such as which pages you visit most often or what error message you receive from the website. These cookies do not collect visitor information, ie they work with completely general, anonymous information. The data obtained from these are used to improve the performance of the website. The lifespan of these types of cookies is limited to the duration of the session only.

You can manage / delete cookies as you wish. You can find more information on www.aboutcookies.org.

Remove cookies from the device

You can remove all cookies from your device by clearing your browsing history. This will allow you to delete all cookies associated with the websites you visited.

Keep in mind, however, that deleting your history may result in the loss of some saved information (e.g. login information, search settings).

Site-specific cookie managements

To further specify your options for the use of site-specific cookies, check and change the privacy and cookie settings of your browser as you see fit.

Disable cookies

Most browsers currently in use allow users to disable all cookies on their machine. In this case, however, the necessary settings must be made for each website separately. Some services and features may not work properly at all (e.g. creating a user profile, logging in).

DATA PROCESSED FOR CONTRACTING AND PERFORMANCE

Several data management cases may be implemented for the conclusion and performance of the contract. We would like to inform you that data processing related to complaint handling and warranty administration will only take place if you exercise one of these rights.

If you do not make a purchase through the webshop, you are only a visitor to the webshop, then what is written in the data management for marketing purposes may apply to you, if you give us consent for marketing purposes.

The data processing for the conclusion and performance of the contract is described in more detail below:

CONTACT

Data handled : Data you provided during contact.

Duration of data management : Data will only be processed until the contact is completed.

The purpose of data management: To maintain contact between you and the data controller.

Legal basis for data management: Your voluntary consent, which you give to the Data Controller by contacting us. [Data processing pursuant to Article 6 (1) (a) of the Regulation]

REGISTRATION ON THE WEBSITE

Data managed : Your name, address, telephone number, e-mail address, characteristics of the purchased product, and date of purchase.

Duration of data processing : The data will be processed until the consent is withdrawn.

Purpose of data management: By storing the data provided during registration, the Data Controller can provide a more convenient service (eg the data of the data subject does not have to be entered again when purchasing again).

Legal basis for data management: Your voluntary consent, which you give to the Data Controller by registering. [Data processing pursuant to Article 6 (1) (a) of the Regulation]

PROCESSING OF ORDERS

Managed information : Your name, address, telephone number, email address, product features purchased, date of purchase, or your bank details.

Duration of data management : The data is processed for 5 years according to the Civil Code.

The purpose of data management: To get to know the data necessary for the performance of the contract.

Legal basis for data management: Performance of the contract, for which the provision of the indicated data is essential. [Data processing pursuant to Article 6 (1) (b) of the Regulation]

ISSUE OF AN INVOICE

Data managed : Your name, address, telephone number, e-mail address, time and place of delivery, product designation, and purchase price.

Duration of data management : The issued invoices are issued in accordance with the Act. Pursuant to Section 169 (2), it must be kept for 8 years from the date of issue of the invoice.

Purpose of data management: The data management process is carried out in order to issue an invoice in accordance with the law and to fulfill the obligation to keep accounting documents. The Stv. Pursuant to Section 169, Paragraphs (1) - (2), companies must keep the accounting document directly and indirectly supporting the accounting records.

Legal basis of data management: Act CXXVII of 2007 on Value Added Tax. Pursuant to Section 159 (1) of the Act, the issue of an invoice is mandatory and must be kept for 8 years pursuant to Section 169 (2) of Act C of 2000 on Accounting [Data management pursuant to Article 6 (1) (c) of the Decree]

CARGO - RELATED DATA MANAGEMENT

Data managed : Your name, address, telephone number, e-mail address, characteristics of the purchased product, and date of purchase.

Duration of data processing : The data will be processed until the consent is withdrawn.

Purpose of data management: The data management process takes place in order to deliver the ordered product.

Legal basis for data management: Your voluntary consent, which you give to the Data Controller by registering. [Data processing pursuant to Article 6 (1) (a) of the Regulation]

GUARANTEE SERVICE

Data handled : Your name, telephone number, e-mail address, and the complaint itself.

Duration of data processing : Warranty complaints are kept for 5 years under the Consumer Protection Act.

Purpose of data management: The data management process is for the purpose of handling warranty complaints, if you have requested warranty administration.

The legal basis of data management: The consumer protection OL 1997 year on CLV. Act 17 / A. § (7), we are obliged to keep the complaint for 5 years [Data processing according to Article 6 (1) c) of the Decree]

DATA MANAGED ON THE BASIS OF VOLUNTARY CONSENT

Data managed : Date of consent and IP address of the data subject.

Duration of data processing : Due to legal requirements, the consent must be able to be verified later, therefore the duration of data storage will be stored for the limitation period after the termination of data processing.

Purpose of data management: During registration, ordering, subscribing to the newsletter, the IT system stores the IT data related to the consent in order to be provable later.

Legal basis for data processing: Article 7 (1) of the Regulation provides for this obligation. [Data processing pursuant to Article 6 (1) (c) of the Regulation]

5.COLLECTING DATA FOR MARKETING PURPOSES

NEWSLETTER SENDING FUNCTION

Data managed : Your name, age, gender, address, telephone number, e-mail address.

Duration of data processing : Until consent is withdrawn.

The purpose of data management: To promote the products sold by the Data Controller, to inform about discounts, to recommend the services of the Data Controller, and to keep in touch with you.

Legal basis for data processing: Your voluntary consent to the Data Controller by subscribing to the newsletter [Data processing under Article 6 (1) (a) of the Regulation]

REMARKETING

Data handled: Data handled by cookies specified in the cookie information .

Duration of data management : The data storage period of the given cookie , more information is available here:

More information about the cookies used by Google can be found at the following link: http://www.google.com/policies/technologies/ads/
GoogleAnalytics information: https : //developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=hu
Facebook also places variouscookies on the affected computer , which you can find out more at https://hu-hu.face b ook.com/policies/cookies/ .
Booster Apps cookie information: www.boosterapps.com/privacy

Purpose of data management: Remarketing activity.

Legal basis for data processing: Your voluntary consent, which you give to the Data Controller using the website [Data processing in accordance with Article 6 (1) (a) of the Regulation.

SOCIAL MEDIA

FACEBOOK

Data managed : Your name, gender, age, e-mail address.

Duration of data processing : Until your consent is withdrawn

Purpose of data management: To share exclusive content on the Data Controller's websites, as well as content not found on them.

Legal basis for data management: Your voluntary consent, which you give to the Data Controller by using the website. [Data processing pursuant to Article 6 (1) (a) of the Regulation]. Using the Controller’s Facebook page " like" / " like " - click on the link in the User contribute to the Controller's news offerings to be published on their own news feed. The provisions of the section "Sending a Newsletter and Direct Marketing" apply to the newsletter. When using Facebook Sweepstakes, the data is processed in accordance with the “Privacy Aspects of Sweepstakes” section.

Information on the privacy practices of the Facebook page can be found in the privacy policy and regulations on the Facebook website at www.facebook.com .

Instagram

Data managed : Your name, gender, age, e-mail address.

Duration of data processing : Until your consent is withdrawn

Purpose of data management: to share exclusive content on the Data Controller's websites, as well as content not found on them.

Legal basis for data management: Your voluntary consent, which you give to the Data Controller by using the website. [ Data processing pursuant to Article 6 (1) (a) of the Regulation ]. The Data Instagram side of the " like" / " like " , "follow" - click on the link in the User contribute to the Controller's news offerings to be published on their own news feed. The provisions of the section "Sending a Newsletter and Direct Marketing" apply to the newsletter. When using Instagram Sweepstakes, the data is processed in accordance with the “Privacy Aspects of Sweepstakes” section.

Information on the privacy practices of the Instagram page can be found in the privacy policies and regulations on the Instagram website at www.instagram.com .

TWITTER

Data managed : Your name, gender, age, e-mail address.

Duration of data processing : Until your consent is withdrawn

Purpose of data management: To share exclusive content on the Data Controller's websites, as well as content not found on them.

Legal basis for data management: Your voluntary consent, which you give to the Data Controller by using the website. [Data processing pursuant to Article 6 (1) (a) of the Regulation]. The Data Twitter page to " like" / " like " , "Follow" , " tweet " - click on the link in the User contribute to the Controller's news offerings to be published on their own news feed. The provisions of the section "Sending a Newsletter and Direct Marketing" apply to the newsletter. When using Twitter Sweepstakes, the data is processed in accordance with the “Privacy Aspects of Sweepstakes” section.

Information on the privacy practices of the Twitter page can be found in the privacy policies and regulations on the Twitter website at www.twitter.com .

SWEEPSTAKE

Data managed : Your name, address, telephone number, e-mail address.

Duration of data management : The data will be deleted until the withdrawal of your consent or after the closing of the prize draw, except for the data of the winner, which the data controller is obliged to keep for 8 years according to the Accounting Act.

Purpose of data management: Registration of the person participating in the prize draw (player), contact, selection of the winner and delivery of the prize to the winner.

Legal basis for data management: Your voluntary consent, which you give to the Data Controller by using the website. [Data processing pursuant to Article 6 (1) (a) of the Regulation]

DATA PROCESSORS

(Hosting Provider)

Name:Shopify International Ltd.

Mailing address: c / o Intertrust Ireland

2nd Floor 1-2 Victoria Buildings

Haddington Road

Dublin 4, D04 XN32

ireland

Email: privacy@shopify.com

Website: www.shopify.com

(Www.compostable.co)

DATA PROCESSING RELATED TO THE CARRIAGE OF GOODS

Name of the data processor:Magyar Posta Zrt . Corporate Sales Directorate

Contact details of the data processor:

Phone number: + 36-30-772-2835

E-mail address: ugyfelszolgalat@posta.hu

Head office: Budapest X. ker. Üllői út 114-116 , Hungary

The Data Processor participates in the delivery of the ordered goods on the basis of the contract concluded with the Data Controller. In doing so, the Data Processor may manage the name, address, and telephone number of the customer until the end of the calendar year following the dispatch of the postal item, after which it shall be deleted immediately .

Name of the data processor:Webshippy Kft.

Contact details of the data processor:

Phone number: + 36 1 99 88 099

Headquarters: Ezred utca 2. (B2 /
13/1 ) 1044 Budapest , Hungary

Name of the data processor:GLS General Logistics Systems Hungary Kft.

Contact details of the data processor:

Email address: info@gls-hungary.com

Head office: 2351 Alsónémedi , GLS Európa u. 2. Hungary

ACCOUNTING

Name of the data processor: Smart Express Technologies Kft.

Contact details of the data processor:

E-mail address: info@smartbooks.hu

Phone: +36 1 999 7916

Headquarters: 1132 Budapest Váci út 18., Hungary

The Data Processor participates in the accounting of accounting documents on the basis of a written contract concluded with the Data Controller. In doing so, the Data Processor shall provide the name and address of the data subject to the extent necessary for the accounting records, in accordance with the provisions of the Civil Code. It shall be managed for a period of time in accordance with Section 169 (2), after which it shall be canceled immediately .

ACCOUNTING

Name of the data processor: KBOSS.hu Kft.

Contact details of the data processor:

E-mail address: info@szamlazz.hu

Headquarters: 1031 Budapest, Záhony utca 7., Hungary

ONLINE PAYMENT

Name of the data processor:Mollie Bv .

The data processor is located at Keizersgracht 313, 1016EE A'dam , NL

Telephone number of the data processor: +31 20 820 20 70

The e-mail address of the data processor is info@mollie.com

The Data Processor participates in the execution of the Online payment on the basis of the contract concluded with the Data Controller. In doing so, the data processing concerned the billing name names manages and address, number and date of the order in the civil limitation period.

Description of the processor:PayPal (Europe) S.à.rl . et Cie , SCA

The data processing office is located at 22-24 Boulevard Royal, L- 2449, Luxembourg

Telephone number of the data processor: +352 261153399

The e-mail address of the data processor is service@intl.paypal.com

YOUR RIGHTS IN DATA PROCESSING

Access to processed personal data

You have the right to get to know, or access your own personal data stored by the Service Provider. You are obliged to send your request for access to the data to the Data Controller in writing and the Data Controller will provide the requested data in writing (electronically or by post), no verbal information will be provided.

Where the right of access is exercised, the information shall cover the following:

defining the scope of data processed,
the purpose, time, and legal basis of the data processing in terms of the scope of the processed data,
data transfer: to whom the data has been or will be transferred,
data source designation.

For the first time, the data controller will provide you with a paper or electronic copy of your personal data free of charge. If these copies are requested multiple times, frequently , the Data Manager can apply reasonable administrative fees on the requested data. If you request a copy electronically, the information will be provided to you by e-mail in a widely used electronic format.

Following the information, if you do not agree with the processing, the correctness of the processed data, you may request the correction, supplementation, deletion, restriction of the processing of personal data concerning them, object to the processing of such personal data, or initiate the procedure specified in this prospectus.

The right to correct and supplement processed personal data

At your request, the Data Controller shall, without undue delay, correct the inaccurate personal data provided by you in writing or supplement the incomplete data with the content specified by you. The Data Controller shall inform all recipients with whom the personal data has been communicated of the correction or addition, unless this proves impossible or requires a disproportionate effort. You will be informed of the details of these recipients if you request it in writing.

Right to data management restriction

You have the right, at the written request of the Data Controller, to restrict the data processing if

You dispute the accuracy of the personal data, in which case the restriction applies to the period of time that allows the Data Controller to verify the accuracy of the personal data,
the data processing is illegal and youoppose the deletion of the data and instead ask for a restriction on its use,
the Data Controller no longer needs the personal data for the purpose of data processing, but you request them in order to submit, enforce or protect legal claims,
You object to the data processing;in this case, the restriction applies for the period until it is determined whether the legitimate reasons of the Data Controller take precedence over your legitimate reasons.

The Data Controller, at whose request you have restricted the data processing, will inform you in advance of the lifting of the data processing restriction.

Right to delete (forget)

At your request, the Data Controller will delete your personal data if any of the specified reasons exist:

personal data is no longer required for the purpose for which they were collected or otherwise processed by the Data Controller;
You withdraw your consent to the processing and there is no other legal basis for the processing;
You object to the processing for reasons related to your own situation and there is no legitimate reason for the processing,
You object to the processing of personal data concerning you for the purpose of direct business acquisition, including profiling, insofar as it relates to direct business acquisition,
personal data is processed illegally by the Data Controller;
personal data was collected in connection with the provision of information society services directly to children.

You may not exercise your right to delete or forget if data management is necessary

for the purpose of exercising the right to freedom of expression and information;
on grounds of public interest in the field of public health;
for the purposes of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, where the exercise of the right of data processing
to file, enforce, or defend legal claims.

Right to data portability

Data portability allows you to obtain and further use the “own” data provided by you in the Data Management System, for your own purposes and through various service providers. In all cases, the right is limited to the data you provide, there is no possibility of portability of other data. (eg statistics, transaction data, etc.)

Your personal data concerning him / her, which can be found in the Data Management System (eg during newsletter subscription, card arrangement):

in an articulated, widely used, machine-readable format,
authorized to transfer to another controller,
you may request the direct transfer of data to the other data controller - if this is technically feasible in the Data Controller's system.

The Data Controller fulfills the data portability request only on the basis of a request written by e-mail or post. In order to fulfill the request, it is necessary for the Data Controller to make sure that you are indeed entitled to exercise this right. To do this, you must provide in your request the data you have provided to the Data Controller on any part of the Website or otherwise in order to be able to identify the requester using the data in your system. Under this right, you may request no more than the portability of the data you have voluntarily provided to the Data Controller. Exercising the right does not automatically lead to the deletion of the data from the systems of the Data Controller.

Your right to stop processing your personal data

You may object to the processing of your personal data, including profiling, at any time for reasons related to your situation , and you have the right to object at any time to the processing of your personal data for direct business purposes, including profiling. If you object to the processing of personal data for the purpose of direct business acquisition, the personal data will no longer be processed by the Data Controller for this purpose.

You can object in writing (by e-mail or post) or, in the case of a newsletter, by clicking on the unsubscribe link in the newsletter.

Deadline for fulfilling the request

The Data Controller shall inform you of the measures taken within one month of receiving any request under point. If necessary, taking into account the complexity of the request and the number of requests, this deadline may be extended by a further two months, but in this case the Data Controller will inform you within one month of receiving the request, stating the reasons for the delay. If you have submitted the request electronically, the information will be provided electronically by the Data Controller, unless you request otherwise.

ENFORCEMENT OPTIONS

You can exercise your rights by e-mail or postal request. It is not possible to enforce any rights over the phone.

You can exercise your rights at the following contacts:

Name: 4EARTH Kft.

Correspondence: 3527 Miskolc, Zsigmondy Vilmos utca 9, Hungary

Phone number: +36309722738

Email address: 4earthltd@gmail.com

You will not be able to enforce your rights if the Data Controller proves that you are not in a position to identify the data subject. If your request is clearly unfounded or excessive (especially in view of its repetitive nature), the Data Controller may charge a reasonable fee for complying with the request or refuse to take action. Proof of this is the responsibility of the Data Controller. If the Data Controller has doubts about the identity of the natural person submitting the request, he / she may request the provision of additional information necessary to confirm the identity of the requester.

You are under the Decree as well as the Civil Code (Act V of 2013)

You can contact the National Data Protection and Freedom of Information Authority (1125 Budapest, Szilágyi Erzsébet fasor 22 / c , Hungary .;Website:hu ., e-mail: ugyfelszolgalat@naih.hu ) or

You can assert your rights in court.

DATA PROTECTION INCIDENTS

A data protection incident is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data that is transmitted, stored, or otherwise handled. In order to control the measures related to the data protection incident, inform the supervisory authority and inform the data subject, the Data Controller keeps a register containing the scope of personal data affected by the incident, the number and number of data subjects, the date, circumstances, effects and measures taken. If the Data Controller considers that a particular incident poses a high risk to the rights and freedoms of data subjects, it shall inform the data subject and the supervisory authority of the data protection incident without undue delay and within a maximum of 72 hours.

DATA SECURITY

The Data Controller undertakes to ensure the security of the data, as well as to take technical measures to ensure that the recorded, stored and processed data is protected, and to do everything possible to prevent their destruction, unauthorized use and unauthorized alteration. It also undertakes to call on any third party to whom the data may be transmitted or transferred to fulfill its obligations in this regard.

OTHER PROVISIONS

The Data Controller reserves the right to change this Data Protection Information with prior notice to the users. The alert of the modification must be available at www.4earth.hu and www.compostable.co

It shall enter into force after its publication on these websites.

This Privacy Policy is complied in accordance with Hungarian law and the Hungarian courts will have exclusive jurisdiction for any dispute under this agreement. The laws of your country may differ from Hungary and there may be additional legal requirements to use this website. You must comply with all applicable local and international laws and regulations regarding your use of our website.

This Privacy Notice is Valid from 27.04.2020

The above information is prepared in an understandable form and contains the most important information regarding the webshop.

If you require further information, please contact the contact details provided in this document.