Fill out our survey get 25% Off
Fill out our survey get 25% Off
1. Introduction
Sherparoute operated by Borbala Horvath private enterprenur (Hungary, 1125 Budapest, Alkotás u 39/A.; hereinafter referred to as
seller, data controller), as data controller, accepts the content of this legal notice as binding on
you. It undertakes to ensure that all data processing related to its activities complies with the
requirements set out in this policy and in the applicable legislation. Sheraproute
reserves the right to change this policy at any time. Any changes in due time, at least 8 (eight)
days prior to the change taking effect, shall be communicated to www.wellform.in the footnote
section of the tech website, in a separate notice, it notifies the customers and prospective
contractual partners as the persons affected by the data processing.
Sherparoute committed to protecting the personal data of its clients and partners,
it considers it of paramount importance to respect its clients right to informational self-
determination. Sherparoute processes personal data confidentially and takes all
security, technical and organizational measures that guarantee the security of the data.
Sherparoute in the following, describes his data management principles, presents
the expectations he has set for himself as a data controller and complies with them. Its data
processing principles are in line with the applicable legislation on data protection, in particular
the following:
• Regulation (Regulation)No 2016/679 of the European Parliament and of the Council
* year CXII. law on informational self-determination and freedom of information (Infotv.);
* Act V of the year – on the Civil Code (Civil Code.);
* annual CLV. law on consumer protection (Fgytv.);
* year XIX. law – on Criminal Procedure (Be.);
* Act C of the year-on accounting (accounting. tv.);
* year CVIII. law-on certain issues of electronic commerce services, as well as
information society services (Eker. tv.);
* Act C of the year – on electronic communications (Eht.);
* year XLVIII. act on the basic conditions and certain limitations of economic advertising
activities (Grt.);
2. DEFINITIONS
data processing: performing technical tasks related to data processing operations, regardless
of the method and means used to perform the operations and the place of application, provided
that the technical task is performed on the data;
processor: a natural or legal person, public authority, agency or any other body that processes
personal data on behalf of the controller;
processing: any operation or set of operations performed on personal data or sets of personal
data, whether or not by automated means, such as collection, recording, organization,
structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination,
restriction, erasure or destruction;
restriction of processing: marking of stored personal data with a view to limiting their future
processing;
controller: the natural or legal person, public authority, agency or any other body which, alone
or jointly with others, determines the purposes and means of the processing of personal data;
where the purposes and means of processing are determined by European Union or member
state law, the controller or the specific criteria for the designation of the controller may also be
determined by Union or member state law; data controller: a natural or legal person or an
organization without legal personality who, alone or together with others, determines the
purpose of data management, makes and implements decisions on data management
(including the means used), or has it executed by a data processor entrusted to it;
data designation: the identification of the data in order to distinguish it;
data destruction: the complete physical destruction of the media containing the data;
data transfer: making data available to a specific third party;
data deletion: making data unrecognizable in such a way that their recovery is no longer
possible;
personal data breach: a breach of security resulting in the accidental or unlawful destruction,
loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or
otherwise processed;
data blocking: to limit the further processing of the data with an identification mark permanently
or for a specified period;
recipient: a natural or legal person, public authority, agency or any other body to which the
personal data are disclosed, whether or not it is a third party. public authorities which may
receive personal data in the context of a specific investigation in accordance with union or
member state law shall not be considered recipients; the processing of such data by those
public authorities shall comply with the applicable data protection rules in accordance with the
purposes of the processing;
data subject: any natural person identified or – directly or indirectly – identifiable on the basis of
specific personal data;
consent of the data subject: a voluntary, specific, informed and unambiguous indication of the
data subjects wishes by which the data subject, by a statement or by a clear affirmative action,
indicates his or her consent to the processing of personal data concerning him or her;
third party, third party: a natural or legal person, public authority, agency or any other body other
than the data subject, controller, processor or persons authorized to process personal data
under the direct authority of the controller or processor;
third country: any state that is not an EEA state.
disclosure: making data available to anyone;
registration system: any file of personal data, centralized, decentralized or functionally or
geographically, accessible on the basis of specific criteria
profiling: any form of automated processing of personal data in which personal data are used
to evaluate certain personal characteristics relating to a natural person, in particular to analyze
or predict characteristics relating to performance at work, economic situation, health, personal
preferences, interests, reliability, behavior, location or movement;
relevant and well-founded objection: an objection to the draft decision as to whether the
regulation has been infringed or whether the planned measure for the controller or processor is
in accordance with the regulation; the objection shall clearly demonstrate the significance of the
risks posed by the draft decision to the fundamental rights and freedoms of data subjects and,
where appropriate, to the free movement of personal data within the European Union;
personal data: any information relating to a personally identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly,
in particular by reference to an identifier such as a name, an identification number, location
data, an online identifier or to one or more factors relating to the physical, physiological, genetic,
mental, economic, cultural or social identity of the natural person;
objection: a statement by the data subject objecting to the processing of his / her personal data
and requesting the termination of the processing or the deletion of the processed data.
3. PRINCIPLES OF Sherparoute DATA MANAGEMENT
Personal data can be processed if
1. a) the data subject agrees to the processing of his / her personal data for one or more
purposes;
2. B) the processing is necessary for the performance of a contract to which the data subject is
a party or for taking steps at the request of the data subject prior to the conclusion of the
contract;
3. c) processing is necessary for compliance with a legal obligation to which the controller is
subject;
4. d) it is ordered by law or – based on the authorization of the law, within the scope specified
therein – by a decree of the local government for a purpose based on public interest (mandatory
data management);
5. (e) the processing is necessary to protect the vital interests of the data subject or of another
natural person; or
6. f) processing is necessary for the purposes of the legitimate interests pursued by the
controller or by a third party, unless such interests are overridden by the interests or
Fundamental Rights and freedoms of the data subject which require the protection of personal
data, in particular if the data subject is a child.
The consent of the legal representative is required for the declaration of an incapacitated minor
and a minor under the age of 16 with limited legal capacity.
If the data subject is unable to give his or her consent due to his or her incapacity or for any
other unavoidable reason, the personal data of the data subject may be processed to the extent
necessary to protect his or her vital interests or to prevent or prevent an imminent threat to the
life, physical integrity or property of the persons during the existence of obstacles to consent.
The processing of personal data shall be lawful and fair and transparent to the data subject.
Personal data may only be processed for a specific purpose, in order to exercise a right and
fulfill an obligation. Data management must comply with this purpose at all stages and the
collection and processing of data must be fair.
Only personal data that is essential for the achievement of the purpose of data management,
suitable for achieving the purpose, can be processed only to the extent and for the period
necessary for the achievement of the purpose. Personal data can only be processed with
appropriate informed consent.
The data subject shall be informed before the start of the data management whether the data
management is based on consent or mandatory. The data subject shall be informed – clearly,
intelligibly and in detail-of all the facts related to the processing of his / her data, in particular the
purpose and legal basis of the data processing, the person entitled to data processing and data
processing, the duration of the data processing, if the data controller processes the personal
data of the data subject with the consent of the data subject and for the purpose of fulfilling a
legal obligation to which the data controller is subject or to enforce the legitimate interests of a
third party, and who may know the data. The information should also cover the rights and
remedies of the data subject in relation to the processing.
During Data Management, the accuracy, completeness and up-to-date of the data must be
ensured and the data subject can only be identified for the period necessary for the purpose of
data management.
Personal data may be transferred to a data controller who processes data in a third country or
transferred to a data processor who processes data in a third country if the data subject has
expressly consented to it or if the above conditions for data processing are met and an
adequate level of protection of personal data is ensured in the processing and processing of the
data transferred in the third country. Data transfers to EEA states shall be deemed to take place
within the territory of Hungary.
4. SCOPE OF PERSONAL DATA, PURPOSE, LEGAL TITLE AND DURATION OF DATA
MANAGEMENT
Sherparoute’s data management is based on voluntary consent. The data
subjects expressly consent to the processing of the personal data provided by them by
accepting this Privacy Policy before finalizing their order, consent is a prerequisite for the
conclusion of the contract, since the performance of the service cannot be ensured without
providing the personal data indicated in this point. In some cases, the management, storage
and transmission of a range of data provided is required by law, which in the event of such
circumstances is required by Sherparoute. separately notify those affected.
The informants are only entitled to provide their own personal data for the purpose of data
management. The informant is responsible for the correctness and accuracy of the data
provided by him.
Sherparoutethe personal data provided will not be used for automated decision-
making or profiling.
DATA MANAGEMENT ON THE WEBSITE
4.1. PARTNER DATA
Purpose of data management: Sherparoute. on his website (www.sherparoute.com),
registration and differentiation of partners, fulfillment of orders, documentation of purchase and
payment, fulfillment of accounting obligations, partner contact, analysis of partner habits, more
targeted service.
Legal basis for data management: the voluntary consent of the data subject, the accounting. tv.
169. (2).
Scope of processed data: Date, Time, name, home address, billing address, delivery address,
phone number, e-mail address, name, quantity, purchase price of the purchased/ordered
products.
Duration of data management: in case of ordering products or in case of contact, the name,
telephone number of the partner until the notification, the purchase of the product, and the
number for further data. tv. 169. (2) eight years. The data subject may voluntarily extend the
processing deadline of his / her name, billing and delivery address and telephone number by
saving the data until the deletion of his / her user account.
4.2. QUALITY CLAIM MANAGEMENT
Purpose of data management: Sherparoute quality complaints about the services
provided.
Legal basis for data management: the voluntary consent of the data subject, the accounting. tv.
169. (2) and, in the case of consumers, the Fgytv. 17 / A. Jupp (7).
Scope of processed data: if the partner qualifies as a consumer, the name, address of the
consumer, in other words the partner, the name of the product, the purchase price, the date of
the purchase and the notification of the defect, the description of the defect, the claim to be
enforced by the consumer or partner and the way of settling the objection.
Duration of data processing:
- with respect to returns, the number is V. tv. 169. (2) eight years,
- in the case of consumers, the Fgytv shall provide copies of the minutes recorded on the
complaint and of the responses to written complaints. 17 / A. ② (7) five years,
- two years for duplicates of entries in the purchaser's book.
4.3. At www.sherparoute.com website COOKIE management
Sherparoute. at www.sherparoute.com as the operator of the tech website, the user places
and reads back a small data packet, a so-called Cookie, on the users computer in order to
provide customized service. If the browser returns a previously saved cookie, the provider
managing the cookie has the option to link the users current visit to the previous one, but only
for its own content.
The purpose of data management: to identify and distinguish users from each other, to identify
the current session of users, to store the data provided during it, to prevent data loss, to identify
and track users, to display personalized offers using the data recorded during the visit to the
website.
Legal basis for data management: consent of the data subject.
The user can delete the cookie from his / her computer or disable the use of Cookies in his / her
Browser. Cookies can usually be managed in the Tools/Settings menu of your browsers under
the privacy settings, under the name cookie or cookie.
Graphic measuring points have been placed on the page, the measurement results of which are
recorded by the websites server. Based on the graphical metrics, visitors to the website cannot
be identified later.
CONTACT sherparoute
4.4. Sherparoute CUSTOMER COMMUNICATION
If a question arises during the use of the services, the data subject may contact the data
controller by using the contact details provided in this policy or by using the form located on the
website and in the Contact menu item of the website.
Sherparoute all e-mails received by him, together with the senders name, e-mail
address, date, time data and other personal data provided in the message, will be deleted after
a maximum of five years from the date of communication.
OTHER DATA PROCESSING
For Data Processing not listed in this policy, Sherparouteprovides information
when recording data.
The court, the prosecutor, the investigating authority, the infringement Authority, the
administrative authority, the National Authority for data protection and freedom of information, or
other bodies may request the data controller for the purpose of providing information,
communicating, handing over data, or making documents available.
Sherparoute if the authority has indicated the exact purpose and scope of the
data, it shall only disclose personal data to the authorities to the extent and to the extent that is
strictly necessary to achieve the purpose of the request.
5. METHOD OF STORAGE OF PERSONAL DATA, SECURITY OF DATA MANAGEMENT
Sherparoute its computing systems and other data storage facilities are located
at its headquarters.
Sherparoute it selects and operates the IT tools used for the processing of
personal data during the provision of the service in such a way that the processed data:
1. (a) accessible to authorized persons (availability);
2. B) authenticity and authentication ensured(authenticity of data management);
3. c) verifiable (data integrity);
4. d) protected against unauthorized access (confidentiality of data).
Sherparoute in particular, the data shall be protected by appropriate measures
against unauthorized access, alteration, transmission, disclosure, erasure or destruction, as well
as against accidental destruction, damage or becoming inaccessible due to a change in the
technique used.
Sherparoute in order to protect the data files managed electronically in its various
registers, it ensures by appropriate technical means that the stored data – unless permitted by
law – cannot be directly linked and assigned to the data subject.
Sherparoute in view of the current state of technology, it ensures the protection of
the security of data management by means of technical, organizational and organizational
measures that provide a level of protection appropriate to the risks associated with data
management.
Sherparoute the data management process
1. a) confidentiality: protects the information so that only those who have the right can access it;
2. B) integrity: protects the accuracy and completeness of the information and the method of
processing;
3. (c) availability: ensures that, when the authorized user needs it, he has real access to the
information he wants and the means to do so are available.
Sherparouteits IT system and network are both protected against computer-
aided fraud, espionage, sabotage, vandalism, fire and flooding, as well as computer viruses,
computer burglaries and denial-of-service attacks. The operator provides security with server-
level and application-level protection procedures.
In the event of a personal data breach, Sherparoute as controller, notify the
supervisory authority without undue delay, unless the personal data breach is unlikely to pose a
risk to the rights and freedoms of natural persons.
Electronic messages transmitted over the internet, from protocol (e-mail, web, ftp, etc.) are
independently vulnerable to network threats that lead to dishonest activity, dispute contract, or
disclosure or modification of information. In order to protect against such threats, the data
controller shall take all reasonable precautions. It monitors the systems in order to record any
security discrepancies and provide evidence for each security incident. In addition, system
monitoring enables the effectiveness of the applied precautions to be verified.
6. DATA AND CONTACT DETAILS OF THE DATA CONTROLLER
Name: Borbala Horvath private enterpreneur
Location: Budapest
Registration: Court Of Registration Of The General Court Of Budapest,
Phone number: +36703866598 (standard rate)
E-mail: info@sherparoute.com
7. DATA AND CONTACT DETAILS OF DATA PROCESSORS
Sherparoute reserves the right to use data processors, the person of which shall
be informed in an individual manner prior to the commencement of data processing, while
providing an objection.
8. RIGHTS OF THE DATA SUBJECT, REMEDIES
The data subject shall have the right to obtain confirmation as to whether or not his or her
personal data is being processed and, if such processing is in progress, to obtain access to the
personal data and to information about the processing of his or her personal data. The data
subject May at any time request information about the processing of his / her personal data, the
rectification of his / her personal data, the restriction of data processing or – with the exception
of mandatory data processing – the deletion or blocking of his / her personal data, or object to
the processing of his / her personal data in the manner indicated at the data collection or at the
contact details of the data controller.
The withdrawal of consent to data management does not affect the lawfulness of the data
management carried out before the withdrawal.
The data subject shall have the right to receive the personal data concerning him or her in a
structured, commonly used, machine-readable format and to transmit these data to another
controller without hindrance from the controller to whom the personal data have been provided
(data portability).
The controller shall provide the data subject with a copy of the personal data subject to the
processing. For further copies requested by the data subject, the controller may charge a
reasonable fee based on administrative costs, communicated in advance. If the data subject
has submitted the request by electronic means, the information shall be provided in a widely
used electronic format, unless otherwise requested by the data subject.
At the request of the data subject, Sherparoute as a data controller, it provides
information about the data managed by it or processed by the processor entrusted by it, their
source, the purpose, legal basis and duration of data management, the name, address and
activity of the data processor related to data management, and in case of data transfer, its legal
basis and addressee. The data controller shall provide the free information in a comprehensible
form – in writing at the request of the data subject – within the shortest possible time from the
submission of the request, but not more than 30 days.
The data subject shall have the right to obtain from the controller without undue delay the
rectification of inaccurate personal data concerning him or her. Taking into account the purpose
of the processing, the data subject shall have the right to request the completion of incomplete
personal data, including by means of a supplementary statement.
The data subject has the right to request that the controller restrict the processing if the
accuracy of the personal data is contested by the data subject, for a period enabling the
controller to verify the accuracy of the personal data; the processing is unlawful and the data
subject opposes the erasure of the data and instead requests the restriction of their use; the
controller no longer needs the personal data for the purposes of the processing, but the data
subject; or the data subject has objected to the processing; in this case, the restriction applies
for the period until it is established whether the legitimate grounds of the controller prevail over
the legitimate grounds of the data subject. Wellform Technologies Kft. the data controller shall
inform the data subject, at whose request the data management has been restricted in
accordance with the above, of the lifting of the restriction of data management in advance.
The controller shall inform all recipients to whom the personal data have been disclosed of the
rectification, erasure or restriction of processing, unless this proves impossible or involves
disproportionate effort. The data subject shall be informed of these recipients upon request by
the controller.
Sherparoute block the personal data if the data subject so requests or if, on the
basis of the information available to him, it can be assumed that the deletion would harm the
legitimate interests of the data subject.
Blocked personal data can only be processed as long as the purpose of data management that
excluded the deletion of personal data exists.
Sherparoute. indicates the personal data processed by the data subject if the data
subject disputes its correctness or accuracy, but the incorrectness or inaccuracy of the disputed
personal data cannot be clearly established.
The data subject shall have the right granted by the European legislator to obtain from the
controller the erasure of personal data concerning him or her without undue delay, and the
controller shall have the obligation to erase personal data without undue delay where one of the
following grounds applies. Sherparoute deletes the personal data if its
management
unlawful, the data subject requests, withdraws consent, the processed data is incomplete or
incorrect – and this condition cannot be legally remedied – provided that deletion is not
excluded by law, the purpose of data management has ceased, the statutory deadline for data
storage has expired, the data subject objects to data management and there is no overriding
legitimate reason for further processing, or it has been ordered by the court or the National
Authority for data protection and freedom of information, or if it has to be deleted in order to fulfill
a legal obligation under EU or member state law applicable to the data controller.
The data controller has 30 days to delete, block or correct the personal data. If the data
controller does not comply with the data subject's request for correction, blocking or deletion, it
shall notify the reasons for the refusal in writing within 30 days.
Sherparoute shall notify the data subject of the rectification, blocking, marking
and deletion, as well as all those to whom it has previously transmitted the data for the purpose
of data management.
The notification is omitted if this does not infringe the legitimate interest of the data subject with
regard to the purpose of the data processing.
The data subject may object to the processing of his / her personal data if
1. a) the processing or transmission of personal data is only necessary for the fulfillment of a
legal obligation to which the data controller is subject or for the enforcement of the legitimate
interests of the data controller, the data recipient or a third party, unless the data processing is
ordered by law;
2. b) the personal data is used or transmitted for the purposes of direct marketing, public opinion
polling or scientific research;
3. c) processing is necessary for the performance of a task carried out in the public interest or in
the exercise of official authority vested in the controller;
4. d) processing is necessary for the purposes of the legitimate interests pursued by the
controller or by a third party, unless such interests are overridden by the interests or
Fundamental Rights and freedoms of the data subject which require the protection of personal
data, in particular where the data subject is a child;
5. e) in other cases defined by law.
The controller shall no longer process the personal data in the event of the objection, unless we
can demonstrate compelling legitimate grounds for the processing which override the interests,
rights and freedoms of the data subject, or for the establishment, exercise or defense of legal
claims.
Sherparoute it shall examine the objection as soon as possible, but not more than
15 days after the submission of the application, shall make a decision on its merits and shall
inform the applicant of its decision in writing. If the data controller establishes the grounds for
the objection of the data subject, it shall terminate the data management – including further data
collection and data transfer – and shall block the data, and shall notify all those to whom the
personal data concerned by the objection have been forwarded earlier and who are obliged to
take measures to enforce the right to object.
If the data subject does not agree with the decision made by the data controller, he or she may
turn to court within 30 days of its notification.
Sherparoute you may not delete the data of the data subject if the data
management is ordered by law. However, the data may not be transferred to the data recipient if
the data controller has agreed with the objection or the court has established the legitimacy of
the objection. In case of violation of the data subject's rights, the data subject may turn to court
against the data controller.
Sherparoute shall compensate for any damage caused to others by the unlawful
processing of the data concerned or by the violation of the requirements of data security. In
case of violation of the personal rights of the data subject, the data subject shall pay damages
(Civil Code. 2:52. they can demand. The data controller shall also be liable to the data subject
for any damage caused by the data processor.
The data controller shall be exempt from liability if the damage was caused by an unavoidable
cause beyond the scope of data management. The data controller shall not reimburse the
damage and shall not be entitled to compensation in so far as the damage was caused by the
intentional or grossly negligent conduct of the data subject by the injured party or by the
violation of the rights of the person concerned.
Legal remedies and complaints can be made to the National Authority for Data Protection and
freedom of information:
Name: National Authority for Data Protection and freedom of information
Headquarters: 1125 Budapest, Erzsebet Szilagyi 22 / C.
Mailing address: 1530 Budapest, Pf.: 5.
Telephone: 06.1.391.1400
Fax: 06.1.391.1410
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu
This privacy policy is governed by the rules of Hungarian law.
Copyright © 2024 Sherparoute - All Rights Reserved.
Powered by GoDaddy